Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Timing Attack Reveals CSRF Tokens in oppia
Vulnerability Description
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (`==`), which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by character. Once they have recovered the token, they can then submit a forged request on behalf of a logged-in user and execute privileged actions on that user's behalf. In particular the function to validate received CSRF tokens is at `oppia.core.controllers.base.CsrfTokenManager.is_csrf_token_valid`. An attacker who can lure a logged-in Oppia user to a malicious website can perform any change on Oppia that the user is authorized to do, including changing profile information; creating, deleting, and changing explorations; etc. Note that the attacker cannot change a user's login credentials. An attack would need to complete within 1 second because every second, the time used in computing the token changes. This issue has been addressed in commit `b89bf80837` which has been included in release `3.3.2-hotfix-2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
Oppia 安全漏洞
Vulnerability Description
Oppia是一种在线学习工具。用于轻松创建和共享交互式活动。 Oppia 1.1.0 到 3.3.2版本存在安全漏洞,该漏洞源于当将收到的 CSRF 令牌与预期令牌进行比较时,使用字符串相等运算符 ==,攻击者利用该漏洞可以通过重复提交无效令牌,逐个字符地暴力破解预期的 CSRF 令牌。
CVSS Information
N/A
Vulnerability Type
N/A