Opened 5 weeks ago

#32150 new defect

nsHttpDigestAuth cnonce exposes rand() values

Reported by: acat Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Similar concerns as #22919.

rand() is used to calculate the cnonce in https://searchfox.org/mozilla-esr68/rev/8a8a004bc8de67bab762f1dfcea7683ba81311ce/netwerk/protocol/http/nsHttpDigestAuth.cpp#300, which is sent to the server.

Even though it's only leaking some bits per rand() call, it might still be possible to recover the seed (e.g. with something like https://github.com/Z3Prover/z3, or maybe easier, not sure). Depending on how often srand is called this might be equivalent to a session id (per content process?). Well, the usual problems that guessing the seed of a global PRNG has.

I think we should investigate this, or just directly patch as I don't see many drawbacks of having secure random numbers here.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.