April 24, 2023

Time-Based-Side-Channel-Attack on secrets – (Two-Factor <= 0.7.1)

Calvin Alkan

| in

Affected plugin	Two-Factor (Plugin contributors)
Active installs	40.000+
Vulnerable version	<= 0.7.2
Audited version	0.7.1
Fully patched version	PENDING
Recommended remediation	PENDING

Description

The plugin uses string comparison operators that don’t mitigate time-based attacks in almost all places where secret keys are compared to user input.
A skilled attacker, given enough requests, can abuse this to reverse secrets using time-based-side-channel attacks.

Proof of concept

Validation of TOTP codes:

foreach ( $ticks as $offset ) {
	$log_time = $time + $offset;
	if ( self::calc_totp( $key, $log_time ) === $authcode ) {
		return true;
		}
	}
return false;

Validation of 2FA codes sent over email:

// Bail if token is empty or it doesn't match.
if ( empty( $hashed_token ) || ( wp_hash( $token ) !== $hashed_token ) ) {
	return false;
}

Validation of login nonces:

if ( $nonce !== $login_nonce['key'] || time() > $login_nonce['expiration'] ) {
	self::delete_login_nonce( $user_id );
	return false;
}

Proposed patch

Exclusively use hash_equals to compare secrets.

Timeline

Vendor contacted	September 07, 2022
First Response	September 07, 2022
Fully patched at	–
Publicly disclosed	April 24, 2023

snicco

Time-Based-Side-Channel-Attack on secrets – (Two-Factor <= 0.7.1)

Description

Proof of concept

Proposed patch

Timeline

Miscellaneous

Leave a Reply Cancel reply