[5.5] [Security] Close remember_me Timing Attack Vector #21320
Conversation
GrahamCampbell changed the title remember_me Timing Attack Vectorremember_me Timing Attack Vector 
| */ | ||
| public function retrieveByToken($identifier, $token) | ||
| { | ||
| $user = $this->conn->table($this->table) |
There was a problem hiding this comment.
This is surely the same as $user = $this->conn->table($this->table)->find($identifier); now?
| After upgrading I get this error: In this line: |
| A recent PR change the way remember token updated on logout, now during logout it will reset to |
| @crynobone can you please link me to this change? it seems like the remember_me token is renewed on logout, but never set to null! |
| @mcordingley @taylorotwell |
| @at-phucnguyen I don't think 5.2 is getting any more updates, even security ones. If you're worried about security, upgrade as soon as you're able. You're missing out on far more than just this one issue. |
| A similar fix should be applied to 5.1 given it's LTS for security fixes exists until June 2018? |
| Has the (possible, not reproduced by me) introduced bug reported by @Naxon being addressed? |
| Is #21323 the fix? |
| How about 5.4? |
| Security updates stopped in January for 5.4. |
12 participants
The current
remember_metoken verification process leaves the application open to a timing attack.Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be used or cookies not be encrypted, it becomes possible to tease this value out.
The proposed change switches to comparing the token using a constant-time comparison. This makes it impossible to learn the value of the token by timing responses, independently of guard or encryption settings.