CVE-2023-45669
Improper signature counter value handling in webauthn4j-spring-security
- Severity Score
- Exploit Likelihood
- Affected Versions
- Public Exploits: 0
- Exploited in Wild: -
- Decision
Descriptions
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who has cloned a valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
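The description turns on one step of the WebAuthn assertion verification procedure: the relying party compares the signature counter in the assertion with the value it stored for that credential (W3C WebAuthn Level 2, section 6.1.1, the spec section referenced below) and, on success, must write the new value back. The following is an added illustration, not code from webauthn4j-spring-security; the store, the function names and the credential id are hypothetical. It runs the same constructed sequence of assertions through a flow that validates the counter but never persists it and through one that does, and reports whether a repeated counter value (the signal the spec uses for a possibly cloned authenticator) is caught.

```python
"""Added example (not webauthn4j-spring-security code): the WebAuthn signature
counter check from W3C WebAuthn Level 2, section 6.1.1, with an in-memory store
that shows why the counter must be persisted after each successful assertion.
All names, the store and the sample credential id are hypothetical."""
from dataclasses import dataclass


class ClonedAuthenticatorError(Exception):
    """Raised when an assertion's signCount does not exceed the stored value."""


@dataclass
class StoredCredential:
    credential_id: bytes
    sign_count: int  # last signCount accepted for this credential


class CredentialStore:
    """Hypothetical credential repository; hands out detached copies so that
    a caller must call save() for an update to take effect."""

    def __init__(self) -> None:
        self._rows: dict[bytes, StoredCredential] = {}

    def register(self, credential_id: bytes, initial_count: int = 0) -> None:
        self._rows[credential_id] = StoredCredential(credential_id, initial_count)

    def load(self, credential_id: bytes) -> StoredCredential:
        row = self._rows[credential_id]
        return StoredCredential(row.credential_id, row.sign_count)

    def save(self, credential: StoredCredential) -> None:
        self._rows[credential.credential_id] = credential


def check_sign_count(stored_count: int, received_count: int) -> None:
    """Spec rule: if either counter is non-zero, the received value must be strictly
    greater than the stored one; otherwise the authenticator may have been cloned.
    Both zero means the authenticator does not implement a counter, which is allowed."""
    if stored_count != 0 or received_count != 0:
        if received_count <= stored_count:
            raise ClonedAuthenticatorError(
                f"signCount {received_count} is not greater than stored {stored_count}")


def authenticate_without_persist(store: CredentialStore, credential_id: bytes,
                                 received_count: int) -> int:
    """Flawed flow: the counter is validated but the new value is never saved,
    so the stored value stays at its initial value and later comparisons are useless."""
    cred = store.load(credential_id)
    check_sign_count(cred.sign_count, received_count)
    cred.sign_count = received_count  # updated on the detached copy only
    return cred.sign_count


def authenticate_with_persist(store: CredentialStore, credential_id: bytes,
                              received_count: int) -> int:
    """Corrected flow: the validated counter is written back to the store."""
    cred = store.load(credential_id)
    check_sign_count(cred.sign_count, received_count)
    cred.sign_count = received_count
    store.save(cred)
    return cred.sign_count


def run_scenario(authenticate) -> bool:
    """Replay a constructed sequence of assertions and report whether a repeated
    counter value (what a second device sharing the same key state would present)
    is detected. Returns True if detection fired."""
    store = CredentialStore()
    cred_id = b"\x01\x02\x03\x04"  # constructed credential id
    store.register(cred_id)
    for count in (1, 2, 3):  # the genuine authenticator increments each time
        authenticate(store, cred_id, count)
    try:
        authenticate(store, cred_id, 2)  # a counter value the RP has already seen
    except ClonedAuthenticatorError:
        return True
    return False


if __name__ == "__main__":
    print("without persist, detected:", run_scenario(authenticate_without_persist))
    print("with persist, detected:", run_scenario(authenticate_with_persist))
```

The point the example makes is that `check_sign_count` alone is not the mitigation: with the flawed flow the stored counter never leaves zero, so every non-zero assertion counter compares as "greater" and a repeated value passes. Only when the accepted value is written back does the comparison on the next assertion carry any information, which is the behaviour the fixed release restores.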
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2023-10-10 CVE Reserved
- 2023-10-16 CVE Published
- 2024-09-13 CVE Updated
- 2024-11-17 EPSS Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
- First Exploit: no date recorded
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
URL | Tag | Date
---|---|---
https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter | Technical Description | 
https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725 | | 2023-10-20
https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j | | 2023-10-20
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Webauthn4j | Spring Security | < 0.9.1 | spring | Affected