Source: gokey
Version: 0.1.2-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gokey.

CVE-2025-13353[0]:
| In gokey versions <0.2.0, a flaw in the seed decryption logic
| resulted in passwords incorrectly being derived solely from the
| initial vector and the AES-GCM authentication tag of the key seed.
| This issue has been fixed in gokey version 0.2.0. This is a breaking
| change. The fix has invalidated any passwords/secrets that were
| derived from the seed file (using the -s option). Even if the input
| seed file stays the same, version 0.2.0 gokey will generate
| different secrets.
|
| Impact
|
| This vulnerability impacts generated keys/secrets using a seed file
| as an entropy input (using the -s option). Keys/secrets generated
| just from the master password (without the -s option) are not
| impacted. The confidentiality of the seed itself is also not
| impacted (it is not required to regenerate the seed itself).
| Specific impact includes:
|
| * keys/secrets generated from a seed file may have lower entropy: it
|   was expected that the whole seed would be used to generate keys
|   (240 bytes of entropy input), where in vulnerable versions only 28
|   bytes was used
| * a malicious entity could have recovered all passwords, generated
|   from a particular seed, having only the seed file in possession
|   without the knowledge of the seed master password
|
| Patches
|
| The code logic bug has been fixed in gokey version 0.2.0 and above.
| Due to the deterministic nature of gokey, fixed versions will
| produce different passwords/secrets using seed files, as all seed
| entropy will be used now.
|
| System secret rotation guidance
|
| It is advised for users to regenerate passwords/secrets using the
| patched version of gokey (0.2.0 and above), and provision/rotate
| these secrets into respective systems in place of the old secret. A
| specific rotation procedure is system-dependent, but most common
| patterns are described below.
|
| Systems that do not require the old password/secret for rotation
|
| Such systems usually have a "Forgot password" facility or a similar
| facility allowing users to rotate their password/secrets by sending
| a unique "magic" link to the user's email or phone. In such cases
| users are advised to use this facility and input the newly
| generated password secret, when prompted by the system.
|
| Systems that require the old password/secret for rotation
|
| Such systems usually have a modal password rotation window usually
| in the user settings section requiring the user to input the old
| and the new password sometimes with a confirmation. To
| generate/recover the old password in such cases users are advised
| to:
|
| * temporarily download gokey version 0.1.3
|   https://github.com/cloudflare/gokey/releases/tag/v0.1.3 for their
|   respective operating system to recover the old password
| * use gokey version 0.2.0 or above to generate the new password
| * populate the system provided password rotation form
|
| Systems that allow multiple credentials for the same account to be
| provisioned
|
| Such systems usually require a secret or a cryptographic key as a
| credential for access, but allow several credentials at the same
| time. One example is SSH: a particular user may have several
| authorized public keys configured on the SSH server for access. For
| such systems users are advised to:
|
| * generate a new secret/key/credential using gokey version 0.2.0 or
|   above
| * provision the new secret/key/credential in addition to the
|   existing credential on the system
| * verify that the access or required system operation is still
|   possible with the new secret/key/credential
| * revoke authorization for the existing/old credential from the
|   system
|
| Credit
|
| This vulnerability was found by Théo Cusnir ( @mister_mime
| https://hackerone.com/mister_mime ) and responsibly disclosed
| through Cloudflare's bug bounty program.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-13353
    https://www.cve.org/CVERecord?id=CVE-2025-13353
[1] https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm

Regards,
Salvatore
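
The add-then-revoke order from the "multiple credentials" rotation pattern quoted above, sketched for an SSH authorized_keys file. This is an added example, not part of the bug report or the upstream advisory; the function names are hypothetical, the key blobs in the comments are constructed placeholders, and the new key is assumed to be passed as "TYPE BLOB COMMENT" without an options prefix. Logging in with the new key remains a manual step between the two calls.

```shell
#!/bin/sh
# Added example: rotate an SSH public key by provisioning the new key
# alongside the old one and revoking the old one only afterwards.

# has_key FILE BLOB
# Succeeds if any line of FILE carries exactly BLOB as a whitespace field.
has_key() {
    [ -f "$1" ] || return 1
    awk -v b="$2" '
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$1"
}

# provision_key FILE "TYPE BLOB COMMENT"
# Appends the key line unless its blob is already present (idempotent).
provision_key() {
    file=$1
    blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
    [ -n "$blob" ] || return 2
    if ! has_key "$file" "$blob"; then
        printf '%s\n' "$2" >> "$file"
    fi
}

# revoke_key FILE OLD_BLOB NEW_BLOB
# Removes every line carrying OLD_BLOB, but refuses unless NEW_BLOB is
# already provisioned, so a mistaken call order cannot lock the account out.
revoke_key() {
    file=$1; old=$2; new=$3
    [ "$old" != "$new" ] || return 1
    has_key "$file" "$new" || {
        echo "refusing to revoke: new key not provisioned" >&2
        return 1
    }
    tmp=$(mktemp "${file}.XXXXXX") || return 2
    awk -v b="$old" '
        { drop = 0
          for (i = 1; i <= NF; i++) if ($i == b) drop = 1
          if (!drop) print }' "$file" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$file"
}

# Usage (constructed placeholder blobs, not real keys):
#   provision_key ~/.ssh/authorized_keys "ssh-ed25519 AAAAC3CONSTRUCTEDNEW new"
#   ... log in with the new key to verify access ...
#   revoke_key ~/.ssh/authorized_keys AAAAC3CONSTRUCTEDOLD AAAAC3CONSTRUCTEDNEW
```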

