CVE-2022-24771
Signature Verification Bypass vulnerability in node-forge (npm)
What is CVE-2022-24771 About?
This vulnerability is a signature verification bypass in RSA PKCS#1 v1.5 signature verification: a crafted structure can steal padding bytes and use unchecked portions of the encoded message to forge a signature. This can lead to security compromises. Exploitation requires specific conditions, such as a low public exponent, making it moderately difficult to exploit.
Affected Software
Technical Details
The vulnerability lies in the lenient checking of the digest algorithm structure within the RSA PKCS#1 v1.5 signature verification code. An attacker can craft a specific signature structure designed to steal padding bytes. This allows the attacker to manipulate the unchecked portion of the PKCS#1 encoded message. When a low public exponent is used with the RSA key, this manipulation can result in a forged signature that passes verification.
What is the Impact of CVE-2022-24771?
Successful exploitation may allow attackers to bypass signature verification mechanisms, leading to the acceptance of illegitimate or malicious data as authentic. This could compromise data integrity, allow unauthorized actions, or facilitate further attacks by circumventing cryptographic controls.
What is the Exploitability of CVE-2022-24771?
Exploitation of this vulnerability is complex, requiring a deep understanding of RSA PKCS#1 v1.5 signature mechanics and the ability to craft sophisticated attack structures. Prerequisites include the target system using a low public exponent for RSA keys. Authentication is not directly required to present a forged signature, but the signature must be processed by a vulnerable system. No specific privileges are necessary on the target system other than the ability for the crafted signature to be verified. The attack is likely remote if signature verification occurs over a network protocol. The primary constraining factor is the requirement for a low public exponent, which is not universally present. The likelihood of exploitation increases if target systems are using older or non-standard RSA key generation practices.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-24771?
About the Fix from Resolved Security
This patch ensures that when parsing DER-encoded ASN.1 data, all bytes must be fully parsed and valid, and it strictly validates the structure and fields of the DigestInfo used in RSA PKCS#1 v1.5 signature verification. By enforcing these checks, it prevents attackers from exploiting the vulnerable parser to pass signatures containing extra or malformed bytes, thereby mitigating the risk described in CVE-2022-24771 where partial or improperly structured data could result in a signature bypass.
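The strict check described above can be illustrated by re-encoding the expected PKCS#1 v1.5 message and comparing it byte for byte with what the signature decodes to. This is an added example, not node-forge's code or the patch itself. The function names, the simplified lenient check, and the sample digest and encoded messages are constructed for illustration, and the RSA public-key operation is assumed to have already produced the encoded message (EM).

```javascript
// Added example: models PKCS#1 v1.5 encoded-message (EM) checks; not node-forge code.
// DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
const SHA256_PREFIX = Uint8Array.from([
  0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
  0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20]);

// Build the one valid EM for a digest and modulus length k (EMSA-PKCS1-v1_5).
function encodeEm(digest, k) {
  const tLen = SHA256_PREFIX.length + digest.length;
  if (digest.length !== 32 || k < tLen + 11) throw new Error('bad length');
  const em = new Uint8Array(k).fill(0xff);
  em[0] = 0x00; em[1] = 0x01; em[k - tLen - 1] = 0x00;
  em.set(SHA256_PREFIX, k - tLen);
  em.set(digest, k - digest.length);
  return em;
}

// Strict check: re-encode and compare every byte, no parsing of untrusted data.
function verifyStrict(em, digest, k) {
  const expected = encodeEm(digest, k);
  if (em.length !== k) return false;
  let diff = 0;
  for (let i = 0; i < k; i++) diff |= em[i] ^ expected[i];
  return diff === 0;
}

// Lenient check (simplified model of the flawed pattern): skip padding, read the
// digest at the expected offset, ignore padding length and bytes after the digest.
function verifyLenient(em, digest) {
  if (em[0] !== 0x00 || em[1] !== 0x01) return false;
  let i = 2;
  while (i < em.length && em[i] === 0xff) i++;
  if (em[i++] !== 0x00) return false;
  const start = i + SHA256_PREFIX.length;
  return digest.every((b, j) => em[start + j] === b);
}

// Constructed inputs: a fixed 32-byte digest and a 256-byte (2048-bit) modulus length.
const K = 256;
const DIGEST = Uint8Array.from({ length: 32 }, (_, i) => i + 1);
const GOOD_EM = encodeEm(DIGEST, K);
// Malformed EM: padding shortened to one 0xff byte, leftover bytes after the digest.
const MALFORMED_EM = new Uint8Array(K);
MALFORMED_EM.set([0x00, 0x01, 0xff, 0x00]);
MALFORMED_EM.set(SHA256_PREFIX, 4);
MALFORMED_EM.set(DIGEST, 4 + SHA256_PREFIX.length);
```

Both checks accept `GOOD_EM`, but only `verifyStrict` rejects `MALFORMED_EM`, because the bytes after the digest are never inspected by the lenient version.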
Available Upgrade Options
- node-forge
  - <1.3.0 → Upgrade to 1.3.0
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2022-24771
- https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
- https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
- https://github.com/digitalbazaar/forge
- https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
- https://osv.dev/vulnerability/GHSA-cfm4-qjh2-4765
What are Similar Vulnerabilities to CVE-2022-24771?
Similar Vulnerabilities: CVE-2020-0601, CVE-2016-7241, CVE-2015-0204, CVE-2014-3570, CVE-2006-2580
