Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hash Generated Using Broken Cryptography API (SHA1) #685

Open
JayP2405 opened this issue Jul 15, 2024 · 6 comments
Open

Hash Generated Using Broken Cryptography API (SHA1) #685

JayP2405 opened this issue Jul 15, 2024 · 6 comments

Comments

@JayP2405
Copy link

JayP2405 commented Jul 15, 2024
edited
Loading

Hash Generated Using Broken Cryptography API (SHA1)

Severity: Medium
Exploitability: Difficult
CVSS: 4.0

Note: SocketRocket is being used in my application through react native project (as pod dependency). Several security vulnerabilities have been identified having root causes in files of SocketRocket.

The following code locations within the App use 'CC_SHA1' or 'CryptoKit.Insecure.SHA1' functions to generate a message digest:
unsymbolicated_function calls_CC_SHA1()

The vulnerable code locations use the 'CC_SHA1' or 'CryptoKit.Insecure.SHA1' hashing functions, which leverage hashing algorithms that are proven to be vulnerable to collision attacks, and are unsuitable for modern use.

Apple officially considers this algorithm insecure. They state in iOS 13 CryptoKit documentation:

This hash algorithm isn't considered cryptographically secure, but is provided for backward compatibility with older services that require it. For new services, prefer one of the secure hashes, like SHA512.

Recommendation:
Switch each usage of these outdated hashing functions to use a stronger algorithm with better collision resistance properties, such as SHA-256 or SHA-512.

ScreenShot: N/A

Stack Trace:
The following related source code symbols were identified:

- [SRDelegateController setAvailableDelegateMethods:]
- [SRDelegateController availableDelegateMethods]
- [SRIOConsumer resetWithScanner:handler:bytesNeeded:readToCurrentFrame:unmaskBytes:]
- [_OBJC_CLASS_$_NSData dataWithBytes:length:]

Analysis:

Impacted Files:

  • SocketRocket > Internal > Delegate > SRDelegateController.m
  • SocketRocket > Internal > IOConsumer > SRIOConsumer.m
  • SocketRocket > Internal > Utilities > SRHash.m

Note: There can be other such impacted files as well. As of now, I could able to locate above three based on provided stack trace details.
@JayP2405
Copy link
Author

JayP2405 commented Jul 29, 2024
edited
Loading

Can someone please help on this!!?
@facebookincubator
@nlutsenko @cipolleschi

@cipolleschi
Copy link

Thanks for reporting and sorry for the delay, these have been a couple of busy weeks.
I'll try to get to it as soon as I can.

@JayP2405 JayP2405 closed this as completed Aug 8, 2024
@JayP2405 JayP2405 reopened this Aug 8, 2024
@JayP2405
Copy link
Author

JayP2405 commented Aug 8, 2024

Thanks for reporting and sorry for the delay, these have been a couple of busy weeks. I'll try to get to it as soon as I can.

@cipolleschi please can this issue be taken on priority to fix?
I'd really appreciate your cooperation.

@JayP2405
Copy link
Author

@cipolleschi @nlutsenko @facebookincubator
Any updates, please?

@SumitTikole
Copy link

I too am facing this in one of my application. Does anyone has any solution for this? Please help.

@JayP2405
Copy link
Author

JayP2405 commented Oct 1, 2024

Is anyone looking into this??
@cipolleschi @nlutsenko

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cipolleschi @SumitTikole @JayP2405