Message Signature Bypass Affecting openpgp package, versions <4.2.0
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-OPENPGP-460248
- published 22 Aug 2019
- disclosed 5 Nov 2018
- credit Sec Consult
Introduced: 5 Nov 2018
CVE-2019-9153 Open this link in a new tabHow to fix?
Upgrade openpgp to version 4.2.0 or higher.
Overview
openpgp is a JavaScript implementation of the OpenPGP protocol.
Affected versions of this package are vulnerable to Message Signature Bypass. OpenPGP defines several types of signatures with each type carrying a different semantic. Signatures are implemented as packets and each signature packet can contain subpackets.
To indicate a message signature (e.g. a signed e-mail), the signature type “text” is used. The text signature packet verifies both its subpackets as well as the signed text.
During verification of a message signature, OpenPGP.js does not verify that the signature is of type text. An attacker could therefore construct a message that, instead of a text signature, contains a signature of another type. As the input required for the verification process depends on the signature type, an attacker could use a signature with a type that only verifies its subpackets and does not require additional input.
An attacker could construct a message that contains a valid “standalone” or “timestamp” signature packet signed by another person. OpenPGP.js would incorrectly assume this message to be signed by that person.