Mojic Observable Timing Discrepancy in HMAC Verification Vulnerability

Vulnerability

A timing attack vulnerability has been identified in Mojic versions prior to 2.1.4. The issue arises in the CipherEngine, which uses a standard equality operator to verify the HMAC-SHA256 integrity seal during decryption. Because the comparison's running time depends on the compared values, it creates an observable timing discrepancy, which could allow an attacker to bypass file integrity checks by measuring how long the comparison takes and exploiting the differences.
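The two verification patterns the advisory contrasts, as an added Python illustration (not Mojic's own code; the key, payload and the "payload || tag" file layout are constructed assumptions): a plain equality check on the HMAC-SHA256 seal, the constant-time check that replaces it, and a helper that models why an early-exit comparison leaks how much of a candidate tag is correct.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 digest size


def seal(key: bytes, payload: bytes) -> bytes:
    """Append an HMAC-SHA256 integrity tag. Constructed layout: payload || tag."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


def _split(blob: bytes):
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short to hold an integrity tag")
    return blob[:-TAG_LEN], blob[-TAG_LEN:]


def verify_vulnerable(key: bytes, blob: bytes) -> bool:
    """The pattern the advisory describes: plain equality on the tag.
    An early-exit comparison may return as soon as a byte differs, so
    the time spent depends on how long a correct prefix the tag has."""
    payload, tag = _split(blob)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return expected == tag


def verify_hardened(key: bytes, blob: bytes) -> bool:
    """Fixed pattern: compare_digest examines every byte regardless of
    content, so the decision time no longer depends on the tag value."""
    payload, tag = _split(blob)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def early_exit_steps(a: bytes, b: bytes) -> int:
    """Number of byte comparisons an early-exit equality performs before
    it can decide; this count is what the timing discrepancy reflects."""
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps


if __name__ == "__main__":
    key = os.urandom(32)                      # constructed key
    blob = seal(key, b"constructed payload")  # constructed sealed file
    tampered = bytearray(blob)
    tampered[0] ^= 0x01                       # flip one payload bit
    print(verify_hardened(key, blob), verify_hardened(key, bytes(tampered)))
```

Both functions return the same boolean for any input; the fix changes only the timing profile of the rejection path.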

Impact

Exploitation of this vulnerability allows attackers to tamper with encrypted .mojic files, forging valid HMAC signatures and bypassing integrity checks. This could lead to arbitrary code injection when the modified files are decrypted and processed.

Reproduction

The vulnerability can be reproduced by using Mojic version 2.1.3 or earlier to encrypt a file with an HMAC-SHA256 integrity seal. After encryption, an attacker can modify the signature byte by byte, timing each change to build a forged signature that is accepted as valid during decryption.

Remediation

Users can upgrade to Mojic version 2.1.4 or later, where this vulnerability has been fixed.

Added: Apr 24, 2026, 8:50 PM
Updated: Apr 24, 2026, 8:50 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 6.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.