httpsig-hyper Digest Header Verification Vulnerability Allowing Message Integrity Bypass

A vulnerability exists in the httpsig-hyper library, which is an extension for HTTP message signatures. In versions prior to 0.0.23, the library's Digest header verification could incorrectly succeed. This issue arose from a misuse of Rust's matches! macro, where the expected digest was treated as a pattern binding instead of a value comparison. As a result, the verification could falsely indicate a match, allowing undetected modifications to the message body. The impact of this vulnerability varies based on the library's integration and the presence of additional signature validation layers.

Impact

Exploitation of this vulnerability could lead to undetected modifications of the HTTP message body, bypassing integrity checks that applications rely on for signature validation.

Reproduction

The vulnerability can be reproduced by using httpsig-hyper versions prior to 0.0.23 and sending a request with a Digest header. The library will incorrectly validate the header, allowing modifications to the message body without detection.

Remediation

Users are advised to upgrade to httpsig-hyper version 0.0.23 or later. For those unable to upgrade immediately, it is recommended to avoid relying solely on Digest verification for message integrity and to ensure full HTTP signature verification is enforced at the application layer.