crates.io security advisory - 2020-07-14

Pietro Albini

Jul 14, 2020, 3:04:13 PM
to rustlang-securi...@googlegroups.com

The Rust Security Response Working Group was recently notified of a security
issue affecting token generation in the crates.io web application, and while
investigating that issue we discovered an additional vulnerability affecting
crates.io API tokens.

We have no evidence of this being exploited in the wild, but out of an
abundance of caution we opted to revoke all existing API keys. You can generate
a new one at https://crates.io/me.

# Overview

Until recently, API keys for crates.io were generated using the PostgreSQL
random function, which is not a cryptographically secure random number
generator. This means that in theory, an attacker could observe enough random
values to determine the internal state of the random number generator, and use
this information to determine previously created API keys up to the last
database server reboot.

As part of the investigation for this, we also found that API keys were being
stored in plain text. This means that if our database were somehow compromised,
the attacker would have API access for all current tokens.

# Mitigations

We deployed a code change to production to use a cryptographically secure
random number generator, and we implemented hashing for storing tokens in the
database.

Exploiting either issue would be incredibly impractical, and we've
found no evidence of this being exploited in the wild. However, out of an
abundance of caution, we've opted to revoke all existing API keys. You can
generate a new API key by visiting https://crates.io/me. We apologize for any
inconvenience this causes.

# Acknowledgements

Thanks to Jacob Hoffman-Andrews [1] for responsibly disclosing the random
number generator issue according to our security policy [2]. Thanks to Siân
Griffin [3] and Justin Geibel [4] from the crates.io team for helping the
Security Response WG address both of the issues. Thanks to Pietro Albini [5]
from the Security Response WG for coordinating the work on this vulnerability.

## Timeline of events

All times are listed in UTC.

- 2020-07-11 17:43 - The issue is reported to secu...@rust-lang.org
- 2020-07-11 20:56 - The issue is acknowledged, the leads of the crates.io team
  are looped in
- 2020-07-11 23:48 - The issue is confirmed and a planned fix is agreed on
- 2020-07-13 08:00 - The development of the fix is started
- 2020-07-14 12:53 - The fix is tested on the staging environment
- 2020-07-14 19:03 - The fix is deployed, existing tokens are revoked, and the
  issue is disclosed publicly

[1] https://github.com/jsha
[2] https://www.rust-lang.org/policies/security
[3] https://github.com/sgrif
[4] https://github.com/jtgeibel
[5] https://github.com/pietroalbini
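
The two changes described under "Mitigations", as an added sketch that is not the crates.io code: tokens come from the OS CSPRNG and only their digest is stored, contrasted with a token drawn from a non-cryptographic PRNG whose saved state reproduces every output. `TokenStore`, the function names, SHA-256 and the 32-byte token length are assumptions of this example; Python's `random` stands in for a non-cryptographic generator and is not PostgreSQL's.

```python
import hashlib
import random
import secrets

TOKEN_BYTES = 32  # assumption: 256 bits of randomness per token


def weak_token(rng: random.Random) -> str:
    """'Before': token from a non-cryptographic PRNG (stand-in, not PostgreSQL's)."""
    return "%064x" % rng.getrandbits(256)


def replay_weak_tokens(state, count: int) -> list:
    """The output is a pure function of the state: restoring it replays the tokens."""
    rng = random.Random()
    rng.setstate(state)
    return [weak_token(rng) for _ in range(count)]


def new_token() -> str:
    """'After': token drawn from the operating system's CSPRNG."""
    return secrets.token_urlsafe(TOKEN_BYTES)


def token_digest(token: str) -> str:
    # An unsalted fast hash is acceptable only because the input is a long random
    # token, not a human-chosen password. SHA-256 is an assumption of this example.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class TokenStore:
    """Hypothetical stand-in for the token table: it persists digests only."""

    def __init__(self):
        self.rows = {}  # digest -> user id; the plaintext token is never kept

    def issue(self, user_id: str) -> str:
        token = new_token()
        self.rows[token_digest(token)] = user_id
        return token  # shown to the user once, then forgotten by the server

    def authenticate(self, presented: str):
        # Hash the presented value and look it up; a dump of `rows` cannot log in.
        return self.rows.get(token_digest(presented))

    def revoke_all(self) -> int:
        revoked = len(self.rows)
        self.rows.clear()
        return revoked
```

Revoking every token, as the advisory does, corresponds to `revoke_all()`: digests of tokens that may have been exposed in plain text are dropped and users issue new ones.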