On 04/13/2012 02:38 PM, James A. Donald wrote:

To construct a case where length extension matters, one must
contrive a rather dreadful protocol.

http://vnhacker.blogspot.com/2009/09/flickrs-api-signature-forgery.html

Date Published: Sep. 28, 2009

Advisory ID: MOCB-01

Advisory URL:
http://netifera.com/research/flickr_api_signature_forgery.pdf

Title: Flickr's API Signature Forgery Vulnerability

Remotely Exploitable: Yes

[...] This advisory describes a vulnerability in the signing process
that allows an attacker to generate valid signatures without knowing
the shared secret. By exploiting this vulnerability, an attacker can
send valid arbitrary requests on behalf of any application using
Flickr's API. When combined with other vulnerabilities and attacks,
an attacker can gain access to accounts of users who have authorized
any third party application. Additionally, if an application uses
PHPFlickr >= 1.3.1, an attacker can trick users of that application
to visit arbitrary web sites. This may apply for other Flickr's API
libraries and applications as well. Flickr requires that all API
calls using an authentication token must be signed. In addition,
calls to the flickr.auth.* methods and the URLs that bring users to
the application authorization page must also be signed.

 [...]

The process of signing is as follows.

* Sort your argument list into alphabetical order based on the
parameter name.

* e.g. foo=1, bar=2, baz=3 sorts to bar=2, baz=3, foo=1

* concatenate the shared secret and argument name-value pairs

* e.g. SECRETbar2baz3foo1

* calculate the md5() hash of this string

* append this value to the argument list with the name api_sig, in
hexadecimal string form, e.g.
api_sig=1f3870be274f6c49b3e31a0c6728957f

[Hilarity ensues]

- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to