CVE-2023-45669 - OpenCVE

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Webauthn4j	Spring Security

Configuration 1 [-]

cpe:2.3:a:webauthn4j:spring_security:*:*:*:*:*:spring:*:*

No data.

References

Link	Providers
https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725
https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j
https://nvd.nist.gov/vuln/detail/CVE-2023-45669
https://www.cve.org/CVERecord?id=CVE-2023-45669
https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-16T18:20:50.301Z

Updated: 2024-09-13T19:36:56.097Z

Reserved: 2023-10-10T14:36:40.860Z

Link: CVE-2023-45669

Vulnrichment

Updated: 2024-08-02T20:21:16.826Z

NVD

Status : Analyzed

Published: 2023-10-16T19:15:11.167

Modified: 2023-10-20T12:17:31.490

Link: CVE-2023-45669

Redhat

Severity : Moderate

Publid Date: 2023-10-16T00:00:00Z

Links: CVE-2023-45669 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45669", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-10T14:36:40.860Z", "datePublished": "2023-10-16T18:20:50.301Z", "dateUpdated": "2024-09-13T19:36:56.097Z"}, "containers": {"cna": {"title": "Improper signature counter value handling in webauthn4j-spring-security ", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j"}, {"name": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "tags": ["x_refsource_MISC"], "url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725"}, {"name": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "tags": ["x_refsource_MISC"], "url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter"}], "affected": [{"vendor": "webauthn4j", "product": "webauthn4j-spring-security", "versions": [{"version": "< 0.9.1.RELEASE", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T18:20:50.301Z"}, "descriptions": [{"lang": "en", "value": "WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"}], "source": {"advisory": "GHSA-v9hx-v6vf-g36j", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:21:16.826Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j"}, {"name": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725"}, {"name": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-13T19:22:47.004409Z", "id": "CVE-2023-45669", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T19:36:56.097Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "name": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "name": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "name": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:21:16.826Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45669", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-13T19:22:47.004409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T19:36:48.667Z"}}], "cna": {"title": "Improper signature counter value handling in webauthn4j-spring-security ", "source": {"advisory": "GHSA-v9hx-v6vf-g36j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "webauthn4j", "product": "webauthn4j-spring-security", "versions": [{"status": "affected", "version": "< 0.9.1.RELEASE"}]}], "references": [{"url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "name": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "name": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "tags": ["x_refsource_MISC"]}, {"url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "name": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-16T18:20:50.301Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45669", "state": "PUBLISHED", "dateUpdated": "2024-09-13T19:36:56.097Z", "dateReserved": "2023-10-10T14:36:40.860Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-16T18:20:50.301Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webauthn4j:spring_security:*:*:*:*:*:spring:*:*", "matchCriteriaId": "C036992E-5946-498B-A788-E72C49955376", "versionEndExcluding": "0.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"}, {"lang": "es", "value": "WebAuthn4J Spring Security proporciona soporte de especificaci\u00f3n de autenticaci\u00f3n web para aplicaciones Spring. Las versiones afectadas est\u00e1n sujetas a un manejo inadecuado del valor del contador de firmas. Se encontr\u00f3 una falla en webautn4j-spring-security-core. Cuando un autenticador devuelve un valor de contador de firma incrementado durante la autenticaci\u00f3n, webauthn4j-spring-security-core no conserva correctamente el valor, lo que significa que la detecci\u00f3n del autenticador clonado no funciona. Un atacante que clon\u00f3 un autenticador v\u00e1lido de alguna manera puede utilizar el autenticador clonado sin ser detectado. Este problema se solucion\u00f3 en la versi\u00f3n `0.9.1.RELEASE`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2023-45669", "lastModified": "2023-10-20T12:17:31.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-16T19:15:11.167", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j"}, {"source": "security-advisories@github.com", "tags": ["Technical Description"], "url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "webauthn4j: improper signature counter value handling", "id": "2260177", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260177"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-287", "details": ["WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability."], "name": "CVE-2023-45669", "package_state": [{"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "keycloak-adapter-sso7_4-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "keycloak-adapter-sso7_5-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "com.webauthn4j-webauthn4j", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2023-10-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-45669\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45669\nhttps://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725\nhttps://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j\nhttps://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter"], "threat_severity": "Moderate", "upstream_fix": "webauthn4j 0.9.1.RELEASE"}