RELATE Courseware Timing Attack Vulnerability in Token Authentication

Vulnerability

A timing attack vulnerability has been identified in the RELATE web-based courseware package, in the code that verifies sign-in tokens. It affects versions of the courseware through 2024.1. The supplied token was compared with the stored one using Python's equality operator ('=='), which does not run in constant time: it returns as soon as the lengths differ or the first mismatching byte is found, so the time the check takes depends on how many leading bytes of a guess match the real token. An attacker who can measure response times precisely enough can therefore confirm the token one byte at a time, turning an infeasible brute-force search into a search that is linear in the token length. The vulnerable comparisons are in the 'check_sign_in_key' function in 'course/auth.py' and in 'EmailedTokenBackend.authenticate()'.

Impact

Exploitation of this vulnerability allows an attacker to deduce a valid sign-in token by repeatedly submitting guesses and measuring how long the server takes to reject them. Because these tokens are used to sign users in, recovering one lets the attacker authenticate as the user it was issued to. In practice the attack needs many requests per token byte and a low-jitter measurement path, and the token must still be valid when the attack completes, which is why the exploitability and impact scores below are moderate rather than critical; it should nevertheless be treated as a real authentication bypass.

Remediation

The vulnerability has been patched in the RELATE courseware package. Users should update to a version that includes commit 2f68e16. Operators who cannot upgrade immediately can apply the same class of fix themselves: compare the supplied and stored tokens with a constant-time comparison function such as Python's 'hmac.compare_digest' instead of '==', and consider invalidating any outstanding sign-in tokens issued while the vulnerable code was in use.
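The following is an added example, not code from RELATE, its advisory, or commit 2f68e16. It serves both the Vulnerability section (why a non-constant-time comparison leaks the token byte by byte) and the Remediation section (the constant-time replacement). The function names check_sign_in_key_vulnerable and check_sign_in_key_fixed, the token alphabet, and the secret token are constructed for the demo; a byte-count oracle stands in for the response-time measurements a real attacker would have to make, so the recovery runs deterministically offline.

```python
"""Added example, not code from RELATE or its advisory: models the byte-by-byte
leak from a non-constant-time token comparison and shows the constant-time fix.
The function names, the token alphabet and the secret below are constructed for
the demo; RELATE's real check_sign_in_key is not reproduced here.
"""
from __future__ import annotations

import hmac
import secrets
import string

TOKEN_ALPHABET = string.ascii_lowercase + string.digits
PAD = "?"  # outside TOKEN_ALPHABET, so it never matches a real token byte

# Constructed secret for the demo; a real sign-in token would be generated
# per user with new_sign_in_token() and emailed to them.
SECRET_TOKEN = "k7x2m9q4"


def new_sign_in_token() -> str:
    """A properly generated token: 32 random bytes, URL-safe ASCII."""
    return secrets.token_urlsafe(32)


def leaky_equal(a: str, b: str, counter: list[int]) -> bool:
    """Model of a non-constant-time equality check such as Python's '=='.

    It returns as soon as the lengths differ or the first mismatching byte is
    found, so the time taken grows with the length of the common prefix.
    Instead of measuring wall-clock time (noisy), this model records the number
    of bytes compared in counter[0]; that count is what a real timing attacker
    estimates from response times.
    """
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        counter[0] += 1
        if x != y:
            return False
    return True


def check_sign_in_key_vulnerable(supplied: str, stored: str, counter: list[int]) -> bool:
    """Hypothetical vulnerable shape: 'supplied == stored' with an early exit.

    The counter argument exists only to expose the side channel to the demo.
    """
    return leaky_equal(supplied, stored, counter)


def check_sign_in_key_fixed(supplied: str, stored: str) -> bool:
    """Standard remedy: hmac.compare_digest runs in time that depends only on
    the lengths of its inputs, not on where they first differ. With str inputs
    both must be ASCII (tokens from secrets.token_urlsafe are); otherwise pass
    bytes. Differing lengths return False rather than raising.
    """
    return hmac.compare_digest(supplied, stored)


def recover_token_via_side_channel(token_len: int) -> tuple[str, int]:
    """Attacker side: recover SECRET_TOKEN one character at a time.

    For each position, try every alphabet character and keep the one whose
    check compared the most bytes (took longest). At the final position the
    oracle's True answer itself confirms the token. Work is roughly
    token_len * len(TOKEN_ALPHABET) queries instead of
    len(TOKEN_ALPHABET) ** token_len for brute force.
    Returns the recovered token and the number of oracle queries used.
    """
    known = ""
    queries = 0
    for pos in range(token_len):
        best_char, best_cost = "", -1
        for c in TOKEN_ALPHABET:
            # Pad to the full length so the length check never short-circuits.
            guess = known + c + PAD * (token_len - pos - 1)
            counter = [0]
            ok = check_sign_in_key_vulnerable(guess, SECRET_TOKEN, counter)
            queries += 1
            if ok:
                return known + c, queries
            if counter[0] > best_cost:
                best_char, best_cost = c, counter[0]
        known += best_char
    return known, queries


if __name__ == "__main__":
    token, n = recover_token_via_side_channel(len(SECRET_TOKEN))
    brute = len(TOKEN_ALPHABET) ** len(SECRET_TOKEN)
    print(f"recovered {token!r} in {n} oracle queries (brute force: {brute})")
    print("fixed check accepts real token:", check_sign_in_key_fixed(token, SECRET_TOKEN))
```

The recovery loop is the attacker's side of the page's description: the oracle reports how far the comparison got, and each position costs at most one pass over the alphabet. Against check_sign_in_key_fixed the same oracle would report the full length for every guess, so the per-position ranking collapses and the attacker is back to brute force.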

Added: May 8, 2026, 9:49 PM
Updated: May 8, 2026, 9:49 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 7.8
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.