ha-mcp OAuth Error Oracle Vulnerability Allowing Internal Network Reconnaissance

A vulnerability in ha-mcp versions through 6.7.2 allows for internal network reconnaissance via an error oracle. The issue arises in the OAuth consent form, which accepts a user-supplied URL and makes a server-side HTTP request to that URL's API config endpoint without proper validation. This lack of validation enables an unauthenticated attacker to submit arbitrary URLs and glean information about the internal network. Additionally, two other code paths in OAuth tool calls (REST and WebSocket) are impacted by the same vulnerability. The primary deployment method, which uses a private URL with a pre-configured HOMEASSISTANT_TOKEN, is not affected.

Impact

Exploitation of this vulnerability allows for internal network reconnaissance, where an attacker can map reachable hosts and open ports from the server's network position, using the error oracle created by the unvalidated URL requests.

Reproduction

To reproduce this vulnerability, register a client via the open DCR mode by sending a POST request to the registration endpoint. After registration, initiate the authorization process and extract the transaction ID. Then, submit arbitrary URLs through the OAuth consent form, which will trigger server-side requests to the supplied URLs without validation. This can be done programmatically, without user interaction.

Remediation

Users are advised to upgrade to ha-mcp version 7.0.0 or later.