Message Signature Bypass Affecting openpgp package, versions <4.2.0


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.99% (84th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JS-OPENPGP-460248
  • published22 Aug 2019
  • disclosed5 Nov 2018
  • creditSec Consult

Introduced: 5 Nov 2018

CVE-2019-9153  (opens in a new tab)
CWE-639  (opens in a new tab)

How to fix?

Upgrade openpgp to version 4.2.0 or higher.

Overview

openpgp is a JavaScript implementation of the OpenPGP protocol.

Affected versions of this package are vulnerable to Message Signature Bypass. OpenPGP defines several types of signatures with each type carrying a different semantic. Signatures are implemented as packets and each signature packet can contain subpackets.

To indicate a message signature (e.g. a signed e-mail), the signature type “text” is used. The text signature packet verifies both its subpackets as well as the signed text.

During verification of a message signature, OpenPGP.js does not verify that the signature is of type text. An attacker could therefore construct a message that, instead of a text signature, contains a signature of another type. As the input required for the verification process depends on the signature type, an attacker could use a signature with a type that only verifies its subpackets and does not require additional input.

An attacker could construct a message that contains a valid “standalone” or “timestamp” signature packet signed by another person. OpenPGP.js would incorrectly assume this message to be signed by that person.

CVSS Scores

version 3.1