Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zZjk5LWh2ZzQtcWp3as0Weg
Insecure random number generation in keypair
Description and Impact
A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recommend replacing any RSA keys that were generated using keypair version 1.0.3 or earlier.
Fix
- The bug in the pseudo-random number generator is fixed in commit
9596418. - If the crypto module is available, it is used instead of the pseudo-random number generator. Also fixed in
9596418
Additional Details
The specific line with the flaw is:
b.putByte(String.fromCharCode(next & 0xFF))
The definition of putByte is
util.ByteBuffer.prototype.putByte = function(b) {
this.data += String.fromCharCode(b);
};
Simplified, this is String.fromCharCode(String.fromCharCode(next & 0xFF)). This results in most of the buffer containing zeros. An example generated buffer:
(Note: truncated for brevity)
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
\x00\x00\x00\x00\x04\x00\x00\x00....\x00\x00\x00\x00\x00\x00\x00\x00\x00
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
Since it is masking with 0xFF, approximately 97% of the bytes are converted to zeros. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion.
Credit
This issue was reported to GitHub Security Lab by Ross Wheeler of Axosoft. It was discovered by Axosoft engineer Dan Suceava, who noticed that keypair was regularly generating duplicate RSA keys. GitHub security engineer @vcsjones (Kevin Jones) independently investigated the problem and identified the cause and source code location of the bug.
Permalink: https://github.com/advisories/GHSA-3f99-hvg4-qjwjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZjk5LWh2ZzQtcWp3as0Weg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 8.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Identifiers: GHSA-3f99-hvg4-qjwj, CVE-2021-41117
References:
- https://github.com/juliangruber/keypair/security/advisories/GHSA-3f99-hvg4-qjwj
- https://securitylab.github.com/advisories/GHSL-2021-1012-keypair/
- https://github.com/juliangruber/keypair/commit/9596418d3363d3e757676c0b6a8f2d35a9d1cb18
- https://nvd.nist.gov/vuln/detail/CVE-2021-41117
- https://github.com/juliangruber/keypair/releases/tag/v1.0.4
- https://github.com/advisories/GHSA-3f99-hvg4-qjwj
Blast Radius: 37.6
Affected Packages
npm:keypair
Dependent packages: 156Dependent repositories: 20,777
Downloads: 221,565 last month
Affected Version Ranges: < 1.0.4
Fixed in: 1.0.4
All affected versions: 0.0.1, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 1.0.0, 1.0.1, 1.0.2, 1.0.3
All unaffected versions: 1.0.4