
CVE-2021-32738

Utils.readChallengeTx does not verify the server account signature

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

js-stellar-sdk is a JavaScript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction, including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures on the challenge transaction, including the server signature, are unaffected, as those functions verify that the server signed the transaction. Applications calling `Utils.readChallengeTx` on its own should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server that created it.


*Credits: N/A
CVSS Scores
CVSS v3.1 (base score 6.5; vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
CVSS v2.0
Attack Vector: Network
Attack Complexity: Low
Authentication: Single
Confidentiality: None
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-05-12 CVE Reserved
  • 2021-07-02 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
Affected Vendors, Products, and Versions
Vendor: Stellar
Product: Js-stellar-sdk
Version: < 8.2.3
Other: node.js
Status: Affected