Show Notes

99 - Rust in the Web? A Special Guest and some Bad Crypto

Stark Bank maintains two libraries “starkbank-ecdsa” one for Python and one for Node which insecurely implement the ECDSA signature verification method. The issue stems from two problems:

  1. The range of r and s is not checked ((r,s) is the ECDSA signature) to ensure valid values are used.
  2. In calculating the multiplicative inverse the result for 0 is 0 whereas it should be undefined.

This two issues combine to mean that a signature of (0,0) will validate for any message/key.

Great little bug taking advantage of the ability to manage GSuite users directly from within by trusted the Gsuite organization name and ID from the user request. By changing out the organization’s domain and id (does require knowing the target organization numeric id) in the requests makes when adding a new user, the user will be added to the new domain rather than to the one you actually own.

Even if a Shopify blog was private and required a password the post titles and preview of content would be published in the globally accessible atom feed

First, what is header smuggling? The idea of header smuggling is to create a request whose headers will be parsed differently by different servers in the potential chain of proxies it passes through. For example, one server might simply scan for the header starting with “Content-Length” to find the content length header, ignoring that it is actually Content-Length abcd: [value]. Allowing for a situation where one server reads the length as one value, and the next another.

AWS API Gateway IP Restrictions

They found that AWS API Gateway was vulnerable in this way and they could inject a “X-Forwarded-For” header as X-Forwarded-For abcd: [some whitelisted ip] to get around an IP-based black-list.

AWS Cognito Rate Limiting Bypass

Once hitting the ConfirmForgotPassword or ForgotPassword rate-limit the IP would be blocked. Adding a X-Forwarded-For:[0x0b]z header would bypass this rate-limit. The impact was minimized as other values would not bypass the rate-limit multiple times.

Cache Poisoning

This required a proper caching server in-front of the AWS API Gateway, but by injecting a corrupted Host header Host abdc: header, the caching server would read it properly, but AWS API Gateway would return the response from the corrupted header.

Request Smuggling

This was the attack that inspired the research above, presented by Amit Klein as Black Hat USA 2020. By injecting two Content-Length headers, one normal and one corrupted with Squid in front of Abyss Web Server, Squid would parse the legitimate Content Length, and Abyss will a different length (shorter) length, leading to request smuggling as it reads the read of the legitimate request as a new request.