A dangerous authentication bypass vulnerability (CVE-2020-28052) has been found in the popular open source crypto library Bouncy Castle. Its exploitation allows an attacker to gain access to user or administrator accounts.
According to security researchers Matti Varanka and Tero Rontti of Synopsys, the problem is in the Bouncy Castle OpenBSDBcrypt class, which implements the Bcrypt password hashing algorithm. Specifically, the Bcrypt.doCheckPassword() function, which is responsible for byte-wise matching of the password hash, has incorrect logic.
“The code checks the character index from 0 to 59, inclusive, and does not match the characters in positions 0 to 59. Passwords with hashes containing no bytes between 0x00 and 0x3B match any other password hash that does not contain them. Passing this check means that the attacker does not need to match the bytes with the stored hash value,” the experts explained.
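The comparison flaw the researchers describe, next to a correct byte-wise comparison, as an added Java example (not Bouncy Castle's source and not part of the original article). The names `BcryptCompareDemo`, `flawedEquals`, `safeEquals`, `sample` and `expect`, and the sample strings, are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class BcryptCompareDemo {
    static final int HASH_LEN = 60; // a bcrypt hash string is 60 characters long

    // Flawed check as the researchers describe it: for i = 0..59 it compares where
    // the character with code i first occurs, never the character at position i.
    static boolean flawedEquals(String stored, String computed) {
        boolean equal = stored.length() == computed.length();
        for (int i = 0; i < HASH_LEN; i++) {
            equal &= stored.indexOf(i) == computed.indexOf(i);
        }
        return equal;
    }

    // Corrected check: constant-time comparison of the actual bytes.
    static boolean safeEquals(String stored, String computed) {
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.US_ASCII),
                computed.getBytes(StandardCharsets.US_ASCII));
    }

    // Constructed sample, not a real hash: bcrypt-style prefix plus 53 filler chars.
    static String sample(char filler) {
        char[] body = new char[HASH_LEN - 7];
        Arrays.fill(body, filler);
        return "$2y$10$" + new String(body);
    }

    // Prints the result and fails loudly if it is not the expected one.
    static void expect(String label, boolean actual, boolean expected) {
        if (actual != expected) throw new AssertionError(label);
        System.out.println(label + " -> " + actual);
    }

    public static void main(String[] args) {
        String stored = sample('A');    // no byte in 0x00-0x3B after the prefix
        String other = sample('B');     // differs from stored in 53 positions
        String digits = sample('7');    // '7' is 0x37, inside the checked range

        expect("flawed: stored vs other", flawedEquals(stored, other), true);
        expect("safe:   stored vs other", safeEquals(stored, other), false);
        expect("flawed: stored vs digits", flawedEquals(stored, digits), false);
        expect("safe:   stored vs stored", safeEquals(stored, stored), true);
    }
}
```

The prefix characters `$`, `2`, `1` and `0` fall inside the checked range but sit at the same positions in every sample, so they never make the flawed check fail.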
Successful exploitation of the vulnerability allows brute-forcing the password for any user account, including the administrator account, if the application uses Bouncy Castle for hash-based password verification. Although cracking a strong password by brute force would normally take a very long time, the implementation error breaks the verification procedure, so such an attack can still succeed.
According to experts, 20% of tested passwords can be cracked in the first thousand attempts as a result of exploiting this vulnerability. The issue affects Bouncy Castle versions 1.65 and 1.66. The specialists reported their findings to the Bouncy Castle developers, and the problem was fixed in versions 1.67 and higher.
Bouncy Castle is a software library that provides a wide range of cryptographic functionality. It includes implementations of a large number of cryptographic functions, support for the standard high-level cryptographic APIs of the respective platforms, and low-level proprietary APIs for more flexible and efficient access to that functionality.