oss-sec mailing list archives

Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses


From: Fabian Bäumer <fabian.baeumer () rub de>
Date: Thu, 26 Sep 2024 13:24:53 +0200

> Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email.

Yes, but only through brute-force. The one-way property of MD5 is still unbroken.

> The official recommendation is to use SHA256 instead.

This doesn't change a thing. You may as well brute-force SHA256, thus the information leakage remains the same.

I'd recommend switching to HMAC (with SHA256 for good measure) as a keyed pseudo-random function here. When the secret is kept - well - secret, negligible information about the user's email address is leaked. Performing brute-force without knowledge of the secret key is also not tractable.

Side note: This change does take away Gravatar's global property (i.e. across multiple sites). I can't think of a straightforward way to achieve global avatars without leaking any information about the user. However, if the goal here is to have a simple avatar picture this should be fine.

M. Sc. Fabian Bäumer

Chair for Network and Data Security
Ruhr University Bochum
Universitätsstr. 150, Building MC 4/145
44780 Bochum
Germany

On 25.09.24 at 08:28, Enxin Xie wrote:
Severity: low

Affected versions:

- Apache Answer through 1.3.5

Description:

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.3.5.

Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email addresses. The official recommendation is to use SHA256 instead.
Users are recommended to upgrade to version 1.4.0, which fixes the issue.

Credit:

张岳熙 (reporter)

References:

https://answer.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-40761

Attachment: smime.p7s
Description: Cryptographic S/MIME signature
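The following is an added illustration of the point made in the reply above; it is not code from Apache Answer or from the thread's authors. It puts the three schemes side by side (unkeyed MD5 as in Answer through 1.3.5, unkeyed SHA-256 as in 1.4.0, and HMAC-SHA256 under a server-held key) and models the attacker as a dictionary lookup over candidate addresses: whoever can see the avatar URL can confirm or recover an address against the two unkeyed digests, but not against the keyed one without the key. Gravatar's canonicalisation (trim, lowercase) is applied to all three; the key value, the candidate list and the `?d=identicon` query are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// normalize applies Gravatar's documented canonicalisation before hashing:
// strip surrounding whitespace and lowercase the address.
func normalize(email string) string {
	return strings.ToLower(strings.TrimSpace(email))
}

// MD5Hash is the scheme the advisory flags (Apache Answer through 1.3.5):
// an unkeyed MD5 digest of the address, published in the avatar URL.
func MD5Hash(email string) string {
	sum := md5.Sum([]byte(normalize(email)))
	return hex.EncodeToString(sum[:])
}

// SHA256Hash is the 1.4.0 replacement. Still unkeyed, so anyone holding a
// candidate address can compute the same digest and compare.
func SHA256Hash(email string) string {
	sum := sha256.Sum256([]byte(normalize(email)))
	return hex.EncodeToString(sum[:])
}

// HMACHash is the keyed pseudo-random function suggested in the reply:
// HMAC-SHA256 over the normalised address under a server-side secret.
// Without key, an observer cannot evaluate the function on guesses.
func HMACHash(key []byte, email string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(normalize(email)))
	return hex.EncodeToString(mac.Sum(nil))
}

// AvatarURL is the public artefact an attacker gets to see. The "d"
// fallback parameter is an assumed choice for this example.
func AvatarURL(digest string) string {
	return "https://www.gravatar.com/avatar/" + digest + "?d=identicon"
}

// RecoverEmail models the dictionary attack: recompute the digest for each
// candidate address with the hash function the site is known to use and
// report a match. It cost the attacker one hash per guess.
func RecoverEmail(digest string, candidates []string, h func(string) string) (string, bool) {
	for _, c := range candidates {
		if h(c) == digest {
			return c, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample data for the demonstration.
	candidates := []string{"alice@example.org", "bob@example.org", "carol@example.org"}
	victim := " Bob@Example.org" // stored with stray case/whitespace; Gravatar normalises it
	serverKey := []byte("example-only-replace-with-32-random-bytes")

	for name, h := range map[string]func(string) string{
		"md5":    MD5Hash,
		"sha256": SHA256Hash,
		"hmac":   func(e string) string { return HMACHash(serverKey, e) },
	} {
		digest := h(victim)
		// The attacker only knows the scheme, not the key: for HMAC they must
		// try the unkeyed function (or guess a key), which cannot match.
		attackerFn := h
		if name == "hmac" {
			attackerFn = SHA256Hash
		}
		got, ok := RecoverEmail(digest, candidates, attackerFn)
		fmt.Printf("%-6s %s\n       recovered=%v email=%q\n", name, AvatarURL(digest), ok, got)
	}
}
```

Running it shows the MD5 and SHA-256 URLs yield `bob@example.org` from a three-entry wordlist, while the HMAC URL yields nothing. The trade-off noted in the reply applies: the HMAC digest is not what Gravatar computed for the user, so the service will serve the fallback image rather than the user's global avatar, and rotating the key changes every avatar on the site. The key must be random and high-entropy (a guessable key reinstates the dictionary attack) and must never reach the client.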

