GoogleOSV:GHSA-J72F-H752-MX4WInsertion of Sensitive Information into Log
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
41.3%
Impact
If successful login attempts are recorded, the raw tokens are stored in the log table.
If a malicious person somehow views the data in the log table, he or she can obtain a raw token, which can then be used to send a request with that user’s authority.
When you (1) use the following authentiactors,
- AccessTokens (
tokens) - JWT (
jwt) - HmacSha256 (
hmac)
and you (2) log successful login attempts, the raw tokens are stored.
Patches
Upgrade to Shield v1.0.0-beta.8 or later.
Workarounds
Disable logging for successful login attempts by the configuration files.
- AccessTokens or HmacSha256
- Set
Config\AuthToken::$recordLoginAttempttoAuth::RECORD_LOGIN_ATTEMPT_FAILUREorAuth::RECORD_LOGIN_ATTEMPT_NONE
- Set
- JWT
- Set
Config\AuthJWT::$recordLoginAttempttoAuth::RECORD_LOGIN_ATTEMPT_FAILUREorAuth::RECORD_LOGIN_ATTEMPT_NONE
- Set
References
For more information
If you have any questions or comments about this advisory:
- Open an issue or discussion in codeigniter4/shield
- Email us at [email protected]
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
41.3%