Advisory: Apache Shiro RememberMe Padding Oracle Vulnerability

Advisory: Apache Shiro RememberMe Padding Oracle Vulnerability

November 30, 2019 | Adeline Zhang

Vulnerability Description

In September 2019, Apache officially released a vulnerability topic “RememberMe Padding Oracle Vulnerability” numbered SHIRO-721. The issue pointed out that because the RememberMe field of the Apache Shiro cookie is encrypted by the AES-128-CBC mode, Shiro is vulnerable to Padding Oracle attacks. An attacker can use the Legal RememberMe cookie as the Padding Oracle attack prefix to construct RememberMe to trigger a Java deserialization attack. The attacker does not need to know the RememberMe encryption key when executing an attack. Apache Shiro is a powerful and easy-to-use Java security framework for performing authentication, authorization, passwords, and session management. Recently, it has been found that the use of this vulnerability has been spread in a small scope, and relevant users should take measures to protect against this vulnerability as soon as possible.

The attack steps are as follows:

  1. Log in to the Shiro website and get the RememberMe field from the cookie.
  2. Use the obtained RememberMe field as the prefix for Padding Oracle Attack.
  3. Encrypt the ysoserial serialized payload and construct the RememberMe field of Padding Oracle Attack.
  4. Send a request to the Shiro website with the newly constructed RememberMe cookie to perform a Java deserialization attack.

Reference:

https://issues.apache.org/jira/browse/SHIRO-721

Scope of Impact

Affected Versions

  • Apache Shiro 1.2.5,2.6,1.3.0,1.3.1,1.3.2,1.4.0-RC2,1.4.0,1.4.1

 Unaffected Versions

  • Apache Shiro-root-1.4.2-release-vote1(Upcoming release)

Mitigation

Apache has not released a fixed version for this vulnerability, It is recommended that users who are using affected version pay close attention to the updates from Apache.

Product Protection

Users deploying the NSFOCUS Web Application Protection System (WAF) can check the configuration of WAF protection parameters and policies to protect against this vulnerability:

  1. The exploitation of this vulnerability requires sending a very long message to the server, so the WAF not adjusted big data receiving buffer (default 4096) can protect against this vulnerability directly . Operators can follow the path System Manager -> System Parameter Configuration to view the bigdata receiving buffer.
  2. Because this vulnerability exploit is confirmed by error messages from the server, users can information leakage prevention policy on the server to block the abnormal response.

Workaround

  1. Developers can customize the encryption logic to avoid using the CBC cipher block link mode. The following CipherSuite is vulnerable to Padding Oracle attacks: (Shiro will release version 1.4.2 soon, in which the encryption mode will be replaced by GCM)
IDEA-CBC-SHA, EXP-DES-CBC-SHA, DES-CBC-SHA, DES-CBC3-SHA, EXP-DH-DSS-DES-CBC-SHA, DH-DSS-DES-CBC-SHA, DH-DSS-DES-CBC3-SHA, EXP-DH-RSA-DES-CBC-SHA, DH-RSA-DES-CBC-SHA, DH-RSA-DES-CBC3-SHA, EXP-DHE-DSS-DES-CBC-SHA, DHE-DSS-CBC-SHA, DHE-DSS-DES-CBC3-SHA, EXP-DHE-RSA-DES-CBC-SHA, DHE-RSA-DES-CBC-SHA, DHE-RSA-DES-CBC3-SHA, EXP-ADH-DES-CBC-SHA, ADH-DES-CBC-SHA, ADH-DES-CBC3-SHA, EXP-RC2-CBC-MD5, IDEA-CBC-SHA, EXP-DES-CBC-SHA, DES-CBC-SHA, DES-CBC3-SHA, EXP-DHE-DSS-DES-CBC-SHA, DHE-DSS-CBC-SHA, DHE-DSS-DES-CBC3-SHA, EXP-DHE-RSA-DES-CBC-SHA, DHE-RSA-DES-CBC-SHA, DHE-RSA-DES-CBC3-SHA, ADH-DES-CBC-SHA, ADH-DES-CBC3-SHA, AES128-SHA, AES256-SHA, DH-DSS-AES128-SHA, DH-DSS-AES256-SHA, DH-RSA-AES128-SHA, DH-RSA-AES256-SHA, DHE-DSS-AES128-SHA, DHE-DSS-AES256-SHA, DHE-RSA-AES128-SHA, DHE-RSA-AES256-SHA, ADH-AES128-SHA, ADH-AES256-SHA

 

  1. If RememberMe field is not necessary for you business, you can comment out the relevant codes on the front-end page and remove the relevant configuration in the configuration file. Shiro does not have RememberMe configured by default.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS  

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.