Chia Blockchain Improper Authentication Vulnerability in RPC Credential Handler

Vulnerability

A vulnerability allowing improper authentication has been identified in Chia Blockchain version 2.1.0. This issue arises in the RPC Credential Handler, specifically within the `_authenticate` function of the `rpc_server_base.py` file. The vulnerability can be exploited remotely and is considered to have high complexity, making it difficult to exploit. The Chia team was notified about this vulnerability via email, but a subsequent bug bounty report was rejected, stating that the issue was 'by design' and that users are responsible for their own host security.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to RPC commands. This could lead to critical actions such as transferring funds or extracting sensitive information like private keys and seed phrases.

Reproduction

The vulnerability can be reproduced by sending a request to the Chia RPC server without including any authentication credentials. If the server is running with the default configuration (which does not set RPC credentials), the `_authenticate` function will incorrectly validate the request as authorized. This authentication bypass can be combined with other vulnerabilities, such as Cross-Site Request Forgery (CSRF), to execute commands on behalf of the user without their consent.
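The fail-open pattern described above, next to a fail-closed version, as an added illustration. This is not Chia's `_authenticate` code; the function names, the HTTP Basic credential format and the sample values are assumptions made for the example.

```python
# Illustrative only: a simplified RPC credential check, not Chia's code.
import base64
import hmac
from typing import Mapping, Optional, Tuple

Credentials = Optional[Tuple[str, str]]  # (user, password); None = not configured


def _parse_basic(headers: Mapping[str, str]) -> Credentials:
    """Return (user, password) from an HTTP Basic Authorization header, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authenticate_fail_open(headers: Mapping[str, str], configured: Credentials) -> bool:
    """Pattern described in the advisory: unset credentials mean 'allow'."""
    if configured is None:
        return True  # default configuration: every request is treated as authorized
    return _parse_basic(headers) == configured


def authenticate_fail_closed(headers: Mapping[str, str], configured: Credentials) -> bool:
    """Hardened form: unset credentials mean 'deny'; comparison is constant-time."""
    supplied = _parse_basic(headers)
    if configured is None or supplied is None:
        return False
    user_ok = hmac.compare_digest(supplied[0].encode(), configured[0].encode())
    pass_ok = hmac.compare_digest(supplied[1].encode(), configured[1].encode())
    return user_ok and pass_ok


if __name__ == "__main__":
    # Constructed request with no Authorization header, default (unset) credentials.
    print("fail-open  :", authenticate_fail_open({}, None))
    print("fail-closed:", authenticate_fail_closed({}, None))
```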

Added: Feb 25, 2026, 7:30 PM
Updated: Feb 25, 2026, 7:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.