fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Bouncy Castle Crypto Authentication Bypass Vulnerability Revealed

Bouncy Castle Crypto Authentication Bypass Vulnerability Revealed

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library.

When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user or administrator accounts due to a cryptographic weakness in the way passwords are checked.

Bouncy Castle is a set of cryptography APIs used by both Java and C#/.NET developers building security applications who’d rather not worry about rolling their own cryptographic algorithms.

The .NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

Flawed password hashing algorithm

This week, two researchers Matti Varanka and Tero Rontti from Synopsys Cybersecurity Research Center have disclosed an authentication bypass vulnerability in Bouncy Castle.

Also Read: Top 8 Main PDPA Obligations To Boost And Secure Your Business

The flaw, tracked as CVE-2020-28052, exists in the OpenBSDBcrypt class of Bouncy Castle which implements the Bcrypt password hashing algorithm.

That is, the Bcrypt.doCheckPassword() function responsible for performing a byte-by-byte password hash match has an erroneous logic in place.

“The code checks for an index of characters from 0 to 59 inclusive, rather than checking that characters at positions from 0 to 59 match,” reads the report published by Synopsys.

“This means that passwords that result in hashes that, for instance, don’t contain bytes between 0x00 and 0x3B match every other password hash that don’t contain them. Passing this check means an attacker doesn’t need a byte-for-byte match with the stored hash value,” continues the report.

Bouncy Castle API vulnerability CVE-2020-28052
Vulnerable code for CVE-2020-28052 in Bouncy Castle’s Bcrypt.doCheckPassword() function

What this essentially comes down to is, brute-forcing a set of strings that will yield a hash which, when compared by the doCheckPassword() function returns true (i.e. match successful). 

Successful exploitation of the flaw means, an attacker could brute-force the password for any user account, including the administrator’s, should an application’s hash-based password checks be using Bouncy Castle.

High success rate on first 1,000 attempts

While strong passwords take a very long time to crack via brute-forcing, this implementation flaw “short circuits” the verification routine, letting this assumption slip.

On average, the researchers observed that 20% of tested passwords could be brute-forced on the first thousand attempts as a result of exploiting this vulnerability.

“Some password hashes take more attempts, determined by how many bytes lie between 0 and 60 (1 to 59). Further, our investigation shows that all password hashes can be bypassed with enough attempts. In rare cases, some password hashes can be bypassed with any input,” stated the report.

Bcrypt hashing-based authentication, according to the researchers, is used for authentication checks in web applications and APIs. 

Given that, the vulnerability has been assigned a High severity CVSS 3.1 rating.

According to the researchers, both Bouncy Castle 1.65 and 1.66 are impacted by this flaw but not versions prior to 1.65.

Also Read: New Data Protection Laws Australia: How Implementation Works

Bouncy Castle has applied a fix for this vulnerability in versions 1.67 and above and developers are encouraged to apply the upgrade.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us