ASA-2019-00528 – OpenPGP.js: Message Signature Bypass


Allele Security Alert

ASA-2019-00528

Identifier(s)

ASA-2019-00528, CVE-2019-9153

Title

Message Signature Bypass

Vendor(s)

ProtonMail

Product(s)

OpenPGP.js

Affected version(s)

OpenPGP.js versions before 4.2.0

Fixed version(s)

OpenPGP.js version 4.2.0

Proof of concept

Yes

Description

During verification of a message signature, OpenPGP.js does not verify that the signature is of type text. An attacker could therefore construct a message that, instead of a text signature, contains a signature of another type. Because the input fed into the verification process depends on the signature type, an attacker could use a signature type whose verification covers only the signature's own subpackets and requires no message input at all.

An attacker could construct a message that contains a valid “standalone” or “timestamp” signature packet signed by another person. OpenPGP.js would incorrectly assume this message to be signed by that person.

Technical details

Unknown

Credits

Wolfgang Ettlinger (SEC Consult Vulnerability Lab)

Reference(s)

Multiple Vulnerabilities in OpenPGP.js
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/

Mailvelope Extensions Security Audit
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html

Mailvelope Extensions Security Audit [PDF]
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.pdf?__blob=publicationFile

SEC_Consult_BSI_Mailvelope-message_signature_bypass.txt
https://sec-consult.com/wp-content/uploads/2019/08/SEC_Consult_BSI_Mailvelope-message_signature_bypass.txt

Release v4.2.0 – Security Release · openpgpjs/openpgpjs
https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0

Only accept binary or text signatures when verifying messages
https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc

CVE-2019-9153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9153

CVE-2019-9153
https://nvd.nist.gov/vuln/detail/CVE-2019-9153

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: September 4, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.