漏洞标题
在Biscuit的第三方块中的公钥混淆
漏洞描述信息
Biscuit是一个基于逻辑语言的去中心化验证、离线衰减和强安全策略执行的授权令牌。第三方块可以在不将整个令牌转移给第三方权威的情况下生成。相反,可以发送一个`ThirdPartyBlock`请求,仅提供生成第三方块以及对其进行签名所需的信息:1. 前一块的公钥(用于签名),2. 令牌符号表中的公钥部分(用于datalog表达式中的公钥插值)。恶意用户伪造的第三方块请求可以使第三方权威相信错误的密钥对,从而欺骗第三方权威生成信任了错误密钥对的datalog。令牌通过第三方块请求生成的包含`trusted`注释的第三方块。这个问题在规范的版本4中得到了解决。建议用户更新他们的实现以符合这一变更。对于这一漏洞,目前没有已知的补救方法。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
漏洞类别
认证机制不恰当
漏洞标题
Public key confusion in third party block in Biscuit
漏洞描述信息
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generate a third-party block and to sign it: 1. the public key of the previous block (used in the signature), 2. the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. Tokens with third-party blocks containing `trusted` annotations generated through a third party block request. This has been addressed in version 4 of the specification. Users are advised to update their implementations to conform. There are no known workarounds for this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
漏洞类别
将资源暴露给错误范围
漏洞标题
Biscuit 安全漏洞
漏洞描述信息
Biscuit是biscuit-auth开源的一个委托的、去中心化的、基于能力的授权令牌。 Biscuit存在安全漏洞,该漏洞源于允许恶意用户通过伪造的第三方区块请求来欺骗第三方权威机构生成信任错误的密钥对的数据日志。
CVSS信息
N/A
漏洞类别
其他