Bug 1608153 (CVE-2018-1000620)

Summary: CVE-2018-1000620 nodejs-cryptiles: Insecure randomness causes the randomDigits() function to return a pseudo-random data string biased to certain digits
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: ahardin, bdettelb, bleanhar, cbyrne, ccoleman, cmacedo, dedgar, dffrench, drusso, eparis, hhorak, jgoulding, jmadigan, jokerman, jorton, jshepherd, lgriffin, mchappel, ngough, nodejs-sig, pwright, tchollingsworth, thrcka, tomckay, trepel, zsvetlik
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: nodejs-cryptiles 4.1.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the nodejs-cryptiles library prior to version 4.1.2. Previous versions do not implement cryptographically secure randomness resulting in the randomDigits() function returning a pseudo-random data string biased to certain digits. An attacker could exploit this to guess the generated digits.
Story Points: ---
Last Closed: 2019-06-10 10:34:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1608154, 1608155
Bug Blocks: 1608156

Description Sam Fowler 2018-07-25 04:50:49 UTC
nodejs-cryptiles before version 4.1.2 does not implement cryptographically secure randomness resulting in the randomDigits() function returning a pseudo-random data string biased to certain digits. An attacker could exploit this to guess the generated digits.


Upstream Issue:

https://github.com/hapijs/cryptiles/issues/34

Upstream Patch:

https://github.com/hapijs/cryptiles/commit/9332d4263a32b84e76bf538d7470d01ea63fa047

Comment 1 Sam Fowler 2018-07-25 04:51:23 UTC
Created nodejs-cryptiles tracking bugs for this issue:

Affects: epel-all [bug 1608155]
Affects: fedora-all [bug 1608154]

Comment 2 Scott Gayou 2018-07-30 19:24:50 UTC
Cryptiles in rh-nodejs6-nodejs-cryptiles is 2.05, uses the crypto library for RNG, and does not include the randomDigits function addressed in CVE-2018-1000620. Furthermore, it looks as though the randomBits function remains the same. Hence, rh-nodejs6-nodejs-cryptiles looks notaffected.

Comment 3 Scott Gayou 2018-07-30 20:13:15 UTC
Cryptiles in rh-nodejs8-nodejs is a dependency of Hawk and is bundled with it. While CVE-2018-1000620 does apply to the version of exports.randomDigits bundled with this version of Cryptiles, the Hawk package does NOT call the randomDigits function. Instead, it makes use of randomString and fixedTimeComparison. Thus, this package is notaffected by the CVE.

Comment 4 Jason Shepherd 2019-01-25 02:11:47 UTC
Excluding all the hawk dependencies from RHMAP leaves this list. Hawk was excluded because of the information in comment #3.

rhmap-fh-metrics-container-3.2.1-1/nodejs-cryptiles-3.1.2
- Caught by Snyk upstream but not addressed yet: https://github.com/feedhenry/fh-metrics-client/pull/6
- It's not actually used in the code, so setting notaffected.

redhat_mobile_platform_onpremise:4.7.0/rhmap-fh-appstore-container-2.1.3-1/nodejs-cryptiles-3.1.2/nodejs-boom-5.2.0
- It's not actually used in the code, so setting notaffected.

Comment 5 Jason Shepherd 2021-03-19 06:20:50 UTC
Statement:

Red Hat Quay imports nodejs-cryptiles as a development dependency. Reducing the impact of Red Hat Quay to low.