201708-01

Invalid token creation and validation

Background

The SimpleSAML_Auth_TimeLimitedToken class allows the creation and validation of tokens that are valid for a limited period of time and can be used for authentication purposes. These tokens are used for example by the selfregister module, both when creating new accounts and when resetting an existing password. The tokens are sent via email as part of a URL, so that the user in possession of the token is granted access. This is a fairly common mechanism.

Description

A security issue has been found in the way these time-limited tokens are created, allowing for malicious manipulation so that a token’s validity period can be indefinitely extended.

Tokens are built by prepending a time offset to the token itself, so that this offset can be subtracted from the current time and get the original time slot when the token was created. While the time slot, the salt used and the verification data (if any) are authenticated using a hash function, the offset prepended to the token lacks any kind of authentication. This means an attacker who manages to get an expired token by some means will be able to make the token valid again by increasing the prepended offset as much as needed to force the validation routine to hit the original time slot when the token was created on. In other words, tokens created like this are not bound to the current time at all.

In order to fix it, the offset itself is added to the hash computation, so that a change in the offset produces a new hash that won’t match, and therefore the token will be considered invalid.

Affected versions

All SimpleSAMLphp versions before and including 1.14.14.

Impact

Attackers who manage to get access to expired, secret tokens, may be able to modify them to make them valid again and use them to impersonate legitimate users.

Resolution

Upgrade to the latest version.