Bug 2442232 (CVE-2026-3099)

Summary: CVE-2026-3099 libsoup: Libsoup: Authentication bypass via digest authentication replay attack
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
Bug Depends On: 2442233, 2442234, 2442235

Description OSIDB Bzimport 2026-02-24 07:35:07 UTC
DESCRIPTION

I have found another flaw in Libsoup's server-side digest authentication implementation. The SoupAuthDomainDigest class fails to track issued nonces or to enforce the incrementing nonce-count (nc) attribute required by the Digest Auth standard.
The validation logic in check_hex_urp performs a purely mathematical verification. It recomputes the expected hash without verifying whether the nonce was actually generated by the server or whether the nc value is being reused. This allows an attacker who captures a single valid Authorization header to replay it indefinitely, bypassing authentication and accessing protected resources as the victim.

VULNERABILITY DETAILS

The vulnerability exists in libsoup/server/soup-auth-domain-digest.c due to a "stateless" design choice that violates the security standard.

- Stateless Validation: The function check_hex_urp validates the response hash but fails to check it against a store of active, issued nonces.

- Missing Nonce-Count Check (The Main Flaw): RFC 7616 explicitly states that the server MUST verify that the nc (nonce-count) value increases for each request using the same nonce.
In soup-auth-domain-digest.c (around lines 265-), the code parses the nonce count:

    nonce_count = strtoul (nc, NULL, 16);
    if (nonce_count <= 0)
        return FALSE;

It does check that nonce_count is positive, but it never compares it to a previously seen value for that nonce. It simply accepts any positive integer, allowing attackers to reuse nc=00000001 indefinitely.

- Insecure Nonce Generation: Nonces are generated using time(0) and the message pointer address. They are not cryptographically signed (HMAC) and are never expired by the server, creating an infinite window for replay attacks.
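The following is an added illustration of the server-side state the report says is missing, written for this page and not taken from libsoup: a small nonce registry that only accepts nonces it issued itself, expires them after a fixed lifetime, and requires the nc value to be strictly greater than the last one accepted for that nonce. The names (nonce_store_issue, nonce_store_check, replay_demo, NONCE_TTL) and the 16 "random" bytes fed to the issuer are constructed for the example; a real server would draw those bytes from a CSPRNG and would run this check before the hash comparison that check_hex_urp performs.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_NONCES 64
#define NONCE_LEN  32        /* 16 random bytes rendered as hex */
#define NONCE_TTL  300       /* seconds a nonce stays valid (assumed value) */

struct nonce_entry {
    char nonce[NONCE_LEN + 1];
    time_t issued;
    unsigned long last_nc;   /* highest nc accepted so far; 0 = none yet */
    bool in_use;
};

struct nonce_store {
    struct nonce_entry entries[MAX_NONCES];
};

enum nonce_result { NONCE_OK, NONCE_UNKNOWN, NONCE_EXPIRED, NONCE_REPLAY, NONCE_BAD_NC };

/* Issue a fresh nonce. `rnd` is 16 bytes the caller obtained from a CSPRNG
 * (assumption for this example; the test passes constructed bytes so the
 * output is deterministic). Expired slots are recycled. Returns NULL when
 * every slot still holds a live nonce. */
const char *nonce_store_issue(struct nonce_store *s, const unsigned char rnd[16], time_t now)
{
    for (int i = 0; i < MAX_NONCES; i++) {
        struct nonce_entry *e = &s->entries[i];
        if (e->in_use && now - e->issued <= NONCE_TTL)
            continue;                       /* slot still holds a live nonce */
        for (int j = 0; j < 16; j++)
            snprintf(e->nonce + 2 * j, 3, "%02x", rnd[j]);
        e->issued = now;
        e->last_nc = 0;
        e->in_use = true;
        return e->nonce;
    }
    return NULL;
}

/* Validate the nonce/nc pair from an Authorization header. The nonce must
 * have been issued here, must not be expired, and nc must be exactly eight
 * hex digits and strictly greater than the last nc accepted for that nonce.
 * Only an accepted request advances last_nc. */
enum nonce_result nonce_store_check(struct nonce_store *s, const char *nonce, const char *nc, time_t now)
{
    char *end;
    if (strlen(nc) != 8)                    /* RFC 7616: nc-value = 8LHEX */
        return NONCE_BAD_NC;
    unsigned long nonce_count = strtoul(nc, &end, 16);
    if (end == nc || *end != '\0' || nonce_count == 0)
        return NONCE_BAD_NC;                /* not hex, or nc=00000000 */

    for (int i = 0; i < MAX_NONCES; i++) {
        struct nonce_entry *e = &s->entries[i];
        if (!e->in_use || strcmp(e->nonce, nonce) != 0)
            continue;
        if (now - e->issued > NONCE_TTL) {
            e->in_use = false;              /* free the slot; client must re-authenticate */
            return NONCE_EXPIRED;
        }
        if (nonce_count <= e->last_nc)
            return NONCE_REPLAY;            /* same or lower nc: a replayed header */
        e->last_nc = nonce_count;
        return NONCE_OK;
    }
    return NONCE_UNKNOWN;                   /* never issued by this server */
}

/* Walk through the scenario in the report: a captured header carrying
 * nc=00000001 is accepted once and rejected on every replay. Returns the
 * number of checks that behaved as expected (7 when all pass). */
int replay_demo(void)
{
    struct nonce_store store;
    memset(&store, 0, sizeof store);
    /* constructed bytes standing in for CSPRNG output */
    const unsigned char rnd[16] = { 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04,
                                    0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
    time_t t0 = 1700000000;
    char nonce[NONCE_LEN + 1];
    const char *issued = nonce_store_issue(&store, rnd, t0);
    if (issued == NULL)
        return 0;
    strcpy(nonce, issued);                  /* copy: the slot may be recycled later */

    int ok = 0;
    ok += nonce_store_check(&store, nonce, "00000001", t0 + 1) == NONCE_OK;       /* first use */
    ok += nonce_store_check(&store, nonce, "00000001", t0 + 2) == NONCE_REPLAY;   /* replayed header */
    ok += nonce_store_check(&store, nonce, "00000002", t0 + 3) == NONCE_OK;       /* legitimate next request */
    ok += nonce_store_check(&store, nonce, "00000001", t0 + 4) == NONCE_REPLAY;   /* nc going backwards */
    ok += nonce_store_check(&store, "0123456789abcdef0123456789abcdef", "00000001", t0 + 5) == NONCE_UNKNOWN;
    ok += nonce_store_check(&store, nonce, "0000000g", t0 + 6) == NONCE_BAD_NC;   /* malformed nc */
    ok += nonce_store_check(&store, nonce, "00000003", t0 + NONCE_TTL + 1) == NONCE_EXPIRED;
    return ok;
}

int main(void)
{
    int passed = replay_demo();
    printf("%d/7 replay checks behaved as expected\n", passed);
    return passed == 7 ? 0 : 1;
}
```

The store is deliberately the only piece of state added: the digest hash computation itself can stay exactly as it is, because the replay is stopped before the hash is ever compared. On NONCE_EXPIRED a server would normally answer 401 with stale=true so a client holding valid credentials can retry with a fresh nonce without re-prompting the user; on NONCE_REPLAY or NONCE_UNKNOWN it should log the event, since a legitimate client never sends a lower nc or a nonce the server did not issue.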