CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
58.5%
Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls
method in EventMachine to implement the TLS handshake whenever a wss:
URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any https:
or wss:
connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to.
The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not.
This has been a requested feature in EventMachine for many years now; see for example #275, #378, and #814. In June 2020, em-http-request published an advisory related to this problem and fixed it by implementing TLS verification in their own codebase; although EventMachine does not implement certificate verification itself, it provides an extension point for
the caller to implement it, called ssl_verify_peer
. Based on this implementation, we have incorporated similar functionality into faye-websocket.
After implementing verification in v1.1.6, em-http-request has elected to leave the :verify_peer
option switched off by default. We have decided to enable this option by default in Faye, but are publishing a minor release with added functionality for configuring it. We are mindful of the fact that this may break existing programs, but we consider it much more important that all clients have TLS verification turned on by default. A client that is not carrying out verification is either:
The latter case includes situations like talking to a non-public server using a self-signed certificate. We consider this use case to be “working by accident”, rather than functionality that was actively supported, and it should be properly and explicitly supported instead.
We are releasing Faye v1.4.0, which enables verification by default and provides a way to opt out of it:
client = Faye::Client.new('https://example.com/', tls: { verify_peer: false })
Unfortunately we can’t offer an equivalent of the :root_cert_file
option that has been added to faye-websocket, because em-http-request does not support it. If you need to talk to servers whose certificates are not recognised by your default root certificates, then you need to add its certificate (or another one that can verify it) to your system’s root set.
The same functionality is now supported in the Node.js version, with a tls
option whose values will be passed to the https
and tls
modules as appropriate when making connections. For example, you can provide your own CA certificate:
var client = new faye.Client('https://example.com/', {
tls: {
ca: fs.readFileSync('path/to/certificate.pem')
}
});
For further background information on this issue, please see faye#524 and faye-websocket#129. We would like to thank Tero Marttila and Daniel Morsing for providing invaluable assistance and feedback on this issue.
blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
github.com/advisories/GHSA-3q49-h8f9-9fr9
github.com/eventmachine/eventmachine/issues/275
github.com/eventmachine/eventmachine/issues/814
github.com/eventmachine/eventmachine/pull/378
github.com/faye/faye-websocket-ruby/pull/129
github.com/faye/faye/issues/524
github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9
github.com/igrigorik/em-http-request/pull/340
github.com/rubysec/ruby-advisory-db/blob/master/gems/faye/CVE-2020-15134.yml
nvd.nist.gov/vuln/detail/CVE-2020-15134
securitylab.github.com/advisories/GHSL-2020-094-igrigorik-em-http-request
www.rubydoc.info/github/eventmachine/eventmachine/EventMachine/Connection:ssl_verify_peer
www.rubydoc.info/github/eventmachine/eventmachine/EventMachine/Connection:start_tls
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
58.5%