ALTCHA Libraries Cryptographic Binding Flaw Vulnerable to Challenge Splicing and Replay Attacks

Vulnerability

A vulnerability in ALTCHA libraries across multiple programming languages, including Go, Ruby, Python, Erlang, Java, and PHP, allows for challenge payload splicing due to a cryptographic semantic binding flaw. This issue enables replay attacks by allowing an attacker to modify expiration values in proof-of-work submissions, potentially reusing solved challenges beyond their intended lifespan. The vulnerability primarily affects bot mitigation and rate-limiting mechanisms, without directly compromising data confidentiality or integrity.

Impact

The vulnerability could disrupt abuse-prevention measures, such as rate limiting and bot mitigation, by allowing replayed challenges to bypass these controls, depending on how the server handles replays.

Reproduction

The vulnerability can be reproduced by creating a challenge with a payload that includes parameters. The HMAC signature will not properly bind these parameters to the nonce, allowing for manipulation of the expiration value. Once the challenge is modified, it can be submitted as a valid proof-of-work solution, exploiting the flaw.

Remediation

Users are advised to upgrade to version 1.0.0 of the ALTCHA Golang package, ALTCHA RubyGem, ALTCHA pip package, ALTCHA Erlang package, ALTCHA-lib npm package, ALTCHA Composer package, or ALTCHA Java Maven package. Additionally, as a workaround, implementations can append a delimiter to the 'salt' value before HMAC computation to prevent parameter splicing.
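The delimiter workaround, shown as a verifier-side regression check. This is an added example, not code from the ALTCHA libraries. It assumes a simplified model in which the challenge is SHA-256 over the salt and nonce joined as text and the HMAC covers only that hash. The key, salt, timestamps, nonce, and all function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

KEY = b"constructed-demo-key"  # constructed secret, for this example only


def digest(salt: str, number: int) -> str:
    # Assumed model: challenge = SHA-256 over salt and nonce joined as text.
    return hashlib.sha256(f"{salt}{number}".encode()).hexdigest()


def sign(challenge: str) -> str:
    # Assumed model: the HMAC covers the challenge hash, not salt and nonce separately.
    return hmac.new(KEY, challenge.encode(), hashlib.sha256).hexdigest()


def issue(expires: int, number: int, delimiter: str = "") -> dict:
    salt = f"c0ffee?expires={expires}{delimiter}"  # constructed salt value
    challenge = digest(salt, number)
    return {"salt": salt, "challenge": challenge, "signature": sign(challenge)}


def verify(c: dict, salt: str, number: int, now: int, delimiter: str = "") -> bool:
    # Workaround: insist on the delimiter so the salt/nonce boundary is fixed.
    if delimiter and not salt.endswith(delimiter):
        return False
    if not hmac.compare_digest(digest(salt, number), c["challenge"]):
        return False
    if not hmac.compare_digest(sign(c["challenge"]), c["signature"]):
        return False
    expires = int(parse_qs(salt.partition("?")[2])["expires"][0])
    return now < expires


ISSUED_EXPIRES = 1_700_000_000   # constructed timestamps
AFTER_EXPIRY = 1_800_000_000
NONCE = 512345                   # constructed solution value


def boundary_shift_accepted(delimiter: str) -> bool:
    """Regression check: same signed challenge, salt/nonce boundary moved one digit."""
    c = issue(ISSUED_EXPIRES, NONCE, delimiter)
    shifted_salt = f"c0ffee?expires={ISSUED_EXPIRES}5{delimiter}"
    return verify(c, shifted_salt, 12345, AFTER_EXPIRY, delimiter)
```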

Added: Dec 16, 2025, 1:19 AM
Updated: Dec 16, 2025, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.4
remediation: 0.0
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.