exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Windows Credential Guard Non-Constant Time Comparison Information Disclosure

Windows Credential Guard Non-Constant Time Comparison Information Disclosure
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, the handling of cryptographic data comparison in the CG secure process does not use constant time algorithms resulting in information disclosure.

tags | advisory, info disclosure
systems | windows
advisories | CVE-2022-34704
SHA-256 | 1eae27125e32160c8f3573cd0f12536dc12d59971e45282431a815f2a69f4009

Windows Credential Guard Non-Constant Time Comparison Information Disclosure

Change Mirror Download
Windows: Credential Guard Non-Constant Time Comparison Information Disclosure
Platform: Windows 10+
Class: Information Disclosure
Security Boundary: Virtual Secure Mode

Summary:
The handling of cryptographic data comparison in the CG secure process doesn't use constant time algorithms resulting in information disclosure.

Description:
The CG RPC APIs contain a number of functions which take an encrypted blob of some kind and compare it to another value provided by the user. For example the NtlmIumComparePasswordToProtectedPassword API compares an encrypted LSAISO password to a plain text password and returns a true value if the decrypted password is a match.

The implementation of NtlmIumComparePasswordToProtectedPassword calls RtlEqualUnicodeString (well actually via a thin wrapper) to compare the decrypted password to the plain text password. This API is _NOT_ constant time, it does character by character comparison and exits at the first non-matching character. This is a classic example of a timing attack against a cryptographic system.

Some other APIs are KerbIumAreEncryptedBuffersEqual which basically compares two encrypted passwords again with RtlEqualUnicodeString and KerbIumAreEncryptionKeysEqual which compares encrypted keys. In this case it uses RtlCompareMemory which is not constant time but realistically would be hard to exploit due to using optimized comparison operations. There are probably other APIs I'm missing.

Such comparisons should realistically be replaced with constant time equivalents so that they can't be exploited to disclose encrypted data through timing attacks. The password APIs using RtlEqualUnicodeString are especially worrisome. How practical they are to attack in reality is another matter.

Proof of Concept:

I've not provided any PoC for these issues. However I've verified that the comparisons used by the described functions are not constant time.

This bug is subject to a 90-day disclosure deadline. If a fix for this
issue is made available to users before the end of the 90-day deadline,
this bug report will become public 30 days after the fix was made
available. Otherwise, this bug report will become public at the deadline.
The scheduled deadline is 2022-08-25.

Related CVE Numbers: CVE-2022-34704,CVE-2022-34704.



Found by: forshaw@google.com

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close