Vulnerability Note VU#466161
XML signature HMAC truncation authentication bypass
Overview
The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication.
Description
XML Signature Syntax and Processing (XMLDsig) is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services for data. XMLDsig is commonly used by web services such as SOAP. The XMLDsig recommendation includes support for HMAC truncation, as specified in RFC2104. However, the XMLDsig specification does not follow the RFC2104 recommendation to not allow truncation to less than half of the length of the hash output or less than 80 bits. When HMAC truncation is under the control of an attacker this can result in an effective authentication bypass. For example, by specifying an HMACOutputLength of 1, only one bit of the signature is verified. This can allow an attacker to forge an XML signature that will be accepted as valid. |
Impact
This vulnerability can allow an attacker to bypass the authentication mechanism provided by the XML Signature specification. |
Solution
Apply an update Please check with your vendor for available updates. Erratum E03 for the XMLDsig recommendation has been added, which specifies minimum values for HMAC truncation. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apache XML Security | Affected | - | 14 Jul 2009 |
| Apple Inc. | Affected | 09 Jul 2009 | 10 Jul 2009 |
| Debian GNU/Linux | Affected | 09 Jul 2009 | 14 Jul 2009 |
| IBM Corporation | Affected | 09 Jul 2009 | 14 Jul 2009 |
| Mono-Project | Affected | - | 10 Jul 2009 |
| Oracle Corporation | Affected | - | 13 Jul 2009 |
| RSA Security, Inc. | Affected | - | 14 Jul 2009 |
| Sun Microsystems, Inc. | Affected | 09 Jul 2009 | 05 Aug 2009 |
| XML Security Library | Affected | - | 10 Jul 2009 |
| Force10 Networks, Inc. | Not Affected | 09 Jul 2009 | 14 Jul 2009 |
| m0n0wall | Not Affected | 09 Jul 2009 | 10 Jul 2009 |
| PePLink | Not Affected | 09 Jul 2009 | 20 Jul 2009 |
| Q1 Labs | Not Affected | 09 Jul 2009 | 10 Jul 2009 |
| The SCO Group | Not Affected | 09 Jul 2009 | 13 Jul 2009 |
| VMware | Not Affected | 09 Jul 2009 | 14 Jul 2009 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.w3.org/2008/06/xmldsigcore-errata.html#e03
- http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
- http://www.rsa.com/blog/blog_entry.aspx?id=1492
- http://www.w3.org/TR/xmldsig-core/
- http://www.w3.org/TR/xmldsig-core/#sec-HMAC
- http://tools.ietf.org/html/rfc2104#section-5
- http://www.oasis-open.org/specs/index.php#wss
- http://www.w3.org/2000/xp/Group/
- http://msdn.microsoft.com/en-us/library/ms996502.aspx
- http://www.ibm.com/support/docview.wss?rs=180&uid=swg21384925
- http://santuario.apache.org/download.html
- http://www.mono-project.com/Vulnerabilities
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
- http://www.aleksey.com/xmlsec/downloads.html
- http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161
- http://rdist.root.org/2009/07/19/xmldsig-welcomes-all-signatures/
Credit
Thanks to Thomas Roessler of the W3C for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
- CVE IDs: CVE-2009-0217
- Date Public: 14 Jul 2009
- Date First Published: 14 Jul 2009
- Date Last Updated: 05 Aug 2009
- Severity Metric: 8.16
- Document Revision: 28
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.