Comments (7)
Hi Seong-Joong. Thank you for reporting this issue. The code fix looks good too.
I would like to try to reproduce the issue. Is there a simple way to reproduce it?
from google-api-cpp-client.
Thank you for your prompt reply.
In my PoC, the 'set_default_scopes' function is called with the 'profile/email' parameters as follows:
std::unique_ptr<OAuth2ServiceAccountFlow> flow_;
flow_->set_default_scopes("profile email");
After I receive a token, it contains an ID token in the form of a JWT.
Currently, a type-handling issue occurs with 'exp' in the JWT.
Hi all,
In addition to the above reproducible case, it happens when either 'profile' or 'email' is specified in the 'set_default_scopes' function.
After the execution, the authentication server returns an 'ID token' in the form of a JWT (JSON Web Token) that contains an 'exp' element as an integer, not a string (see RFC 7519).
Before applying this patch, it cannot parse the 'exp' element in the JWT properly.
Please check again.
Many thanks!!
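The type handling the reporter describes, as an added example that is not the project's code: a defensive reader for the JWT 'exp' claim in C++ that returns an error instead of throwing when the value is not the JSON number RFC 7519 requires. The flat-payload scanner and the names ParseExpClaim and TokenStillValid are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
// Outcome of reading "exp": a NumericDate or a reason for rejection.
// Errors are returned, never thrown, so a malformed or unexpected
// token cannot take the client down.
struct ExpClaim {
    bool ok;
    int64_t exp;        // seconds since the Unix epoch, valid when ok
    std::string error;
};
static size_t SkipSpace(const std::string& s, size_t pos) {
    while (pos < s.size() && std::isspace(static_cast<unsigned char>(s[pos]))) ++pos;
    return pos;
}
// Reads "exp" from a base64url-decoded JWT payload. Assumption: the
// payload is a flat JSON object, so a minimal scanner is enough here
// (a real client would use its JSON library). RFC 7519 defines "exp"
// as a JSON number: a bare integer is accepted, a quoted value is
// reported as an error rather than handled as a string.
ExpClaim ParseExpClaim(const std::string& payload) {
    const std::string key = "\"exp\"";
    size_t pos = payload.find(key);
    if (pos == std::string::npos) return {false, 0, "exp claim missing"};
    pos = SkipSpace(payload, pos + key.size());
    if (pos >= payload.size() || payload[pos] != ':') return {false, 0, "malformed exp claim"};
    pos = SkipSpace(payload, pos + 1);
    if (pos < payload.size() && payload[pos] == '"')
        return {false, 0, "exp is a JSON string; RFC 7519 requires a number"};
    size_t start = pos;
    while (pos < payload.size() && std::isdigit(static_cast<unsigned char>(payload[pos]))) ++pos;
    if (pos == start) return {false, 0, "exp is not a number"};
    if (pos - start > 18) return {false, 0, "exp out of range"};  // keeps stoll from throwing
    return {true, static_cast<int64_t>(std::stoll(payload.substr(start, pos - start))), ""};
}
// Accepts the token only if "exp" parsed cleanly and lies in the future.
bool TokenStillValid(const std::string& payload, int64_t now, std::string* why) {
    ExpClaim c = ParseExpClaim(payload);
    if (!c.ok) { *why = c.error; return false; }
    if (c.exp <= now) { *why = "token expired"; return false; }
    why->clear();
    return true;
}
int main() {  // constructed payload, not a real Google ID token
    std::string why;
    bool ok = TokenStillValid("{\"iss\":\"accounts.google.com\",\"exp\":1516239022}", 1516239000, &why);
    std::printf("%s\n", ok ? "token accepted" : why.c_str());
}
```

The same check applied to a payload whose 'exp' is quoted yields a rejection message rather than an exception, which is the behaviour the reporter's patch aims for.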
@SurferJeffAtGoogle
What do you think of it as a security issue?
I think that it can be used for denial of service attack.
Description
An exploitable unhandled exception vulnerability exists during Google Sign-In with 'google-api-cpp-client'.
On an OAuth 2.0 client, ID token handling can cause an unhandled exception resulting in denial of service.
Once a 3rd party service uses Google Sign-In with 'google-api-cpp-client', a malicious user can trigger this vulnerability by requesting the client to receive the user's ID token from a Google authentication server.
Attack vector
If a 3rd party service uses Google Sign-In with an app or site via 'google-api-cpp-client', a malicious user can make Google's authentication server send the user's ID token to the client of the 3rd party.
During type handling of the ID token, it can cause an unhandled exception resulting in denial of service on the 3rd party service.
After that, other users can no longer login/sign-in to the 3rd party service.
Vulnerability type
CWE-754: Improper Check for Unusual or Exceptional Conditions
Sincerely,
Thank you for your reply.
I am not talking about flaws of token exposure.
Instead, I just mentioned that the above wrong type handling causes an unhandled exception, resulting in denial of service on a 3rd party application with the Google Sign-In service.
Similarly, there exist several vulnerabilities related to wrong type handling in client libraries.
They mishandled or unhandled certain exceptions, leading to a denial of service in applications that use these libraries.
For example: CVE-2017-12119, CVE-2018-12680, CVE-2019-9628, etc.
Thanks for filing the issue, but we deprecated this repository, so closing.