MIME-Version: 1.0 Date: Wed, 17 Jun 2020 10:30:43 -0700 References: In-Reply-To: Message-ID: Subject: Re: [Security] improper use of symmetric encryption in UniFi inform protocol From: Jade Auer To: Security Team Content-Type: multipart/alternative; boundary="000000000000ff645905a84b0482" --000000000000ff645905a84b0482 Content-Type: text/plain; charset="UTF-8" Unfortunately I won't be able to report via HackerOne. The terms and conditions contained in the "Guidelines for Platform Products" portion of your HackerOne policy aren't something that I'm comfortable accepting. On Wed, Jun 17, 2020 at 3:04 AM Security Team wrote: > Hello Jade, > > Can you report this via hackerone.com/ui ? We manage everything including > CVE requests if needed directly from there. > > Thank you, > Security Team > > On Wed, Jun 17, 2020 at 3:34 AM Jade Auer wrote: > >> Good morning, >> >> # Vulnerability >> (see also: attached) >> Affected product: UniFi controller 5.12.72, USMINI 1.6.1.525 (among >> others) >> Note: all versions of UniFi controller and device software to date are >> believed to be affected. >> >> Description: use of symmetric encryption instead of asymmetric encryption >> (e.g. TLS) permits observation of traffic without MITM. Use of static >> initial key means any future key exchange should be assumed to be >> compromised. >> See also: CWE-300, CWE-321, CWE-322, CWE-656 >> >> Exploit: See attached for example from program extracting keys from pcap >> of device adoption traffic. >> >> Impact: Loss of user privacy, potentially remote root via MITM to inject >> crafted inform responses. >> >> How was this found? Considering implications of protocol design choices >> while reading various 3rd party implementations of the inform protocol. >> >> When was this found? 22 May 2020 >> >> Mitigation: Use JSON over TLS for inform request/response instead of >> implementing bespoke encoding methods with symmetric encryption. >> >> # Disclosure Plans >> I have already reported this vulnerability to the following vendors and >> organizations: Facebook (other members of security staff for peer review >> and internal mitigation) >> >> Is this vulnerability being publicly discussed? No, however all the data >> required to discover vulnerability are in public. For example: >> https://jrjparks.github.io/unofficial-unifi-guide >> >> Is there evidence that this vulnerability is being actively exploited? no. >> >> I plan to publicly disclose this on 17 August 2020 (30 days from now) at >> https://jade.wtf/words/unifi-inform-crypto/ >> Up to 90 days if delay will meaningfully enable mitigation. Within 14 >> days if y'all do not consider this a vulnerability. >> >> As Ubiquiti is not a CVE Numbering Authority, I intend to request a CVE >> from MITRE on confirmation that one does not already exist, or on 25 July >> 2020 absent other communication on this issue. >> >> # Reporter >> Name: Jade Auer >> Email: jade@trashwitch.dev >> >> Thanks, >> -Jade >> >> --000000000000ff645905a84b0482 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Unfortunately=C2=A0I won't be able to= report via HackerOne.
The terms and conditions contained in the "G= uidelines for Platform Products" portion of your HackerOne policy aren= 't something that I'm comfortable accepting.

On Wed, Jun 17, 202= 0 at 3:04 AM Security Team <security@= ui.com> wrote:
Hello Jade,

Can = you report this via h= ackerone.com/ui ? We manage everything including CVE requests if needed= directly from there.

Thank you,
Securit= y Team

On Wed, Jun 17, 2020 at 3:34 AM Jade Auer <jade@trashwitch.dev&= gt; wrote:
Good morning,

# Vulnerability
(see also: attache= d)
Affected product: UniFi controller 5.12.72, USMINI 1.6.1.525 (among o= thers)
Note: all versions of UniFi controller and device software=C2=A0t= o date=C2=A0are believed to be affected.

Description: use= of symmetric encryption instead of asymmetric=C2=A0encryption (e.g. TLS) p= ermits observation of traffic without MITM. Use of static initial key means= any future key exchange should be assumed to be compromised.
See also: = CWE-300, CWE-321, CWE-322, CWE-656

Exploit: See at= tached for example from program extracting keys from pcap of device adoptio= n traffic.

Impact: Loss of user privacy, potential= ly remote root via MITM to inject crafted inform responses.

<= /div>
How was this found? Considering implications of protocol design c= hoices while reading various 3rd party implementations of the inform protoc= ol.

When was this found? 22 May 2020

Mitigation: Use JSON ove= r TLS for inform=C2=A0request/response instead of implementing bespoke enco= ding methods with symmetric encryption.

# Disclosure PlansI have already reported this vulnerability to the following vendors and or= ganizations: Facebook (other members of security staff for peer review and = internal mitigation)

Is this vulnerability being publicly= discussed? No, however all the data required to discover vulnerability=C2= =A0are in public. For example:=C2=A0https://jrjparks.github.io/unoffic= ial-unifi-guide=C2=A0=C2=A0

Is there evidence = that this vulnerability is being actively exploited? no.

I plan to publicly disclose this on 17 August 2020 (30 days from now= ) at https://jade.wtf/words/unifi-inform-crypto/
Up to 90 days if del= ay will meaningfully=C2=A0enable mitigation. Within 14 days if y'all do= not consider=C2=A0this a vulnerability.

As Ubiquiti is not a CVE Nu= mbering Authority, I intend to request a CVE from MITRE on confirmation tha= t one does not already exist, or on 25 July 2020 absent other communication= on this issue.

# Reporter
Name: Jade Auer
Email: jade@trashwitch.dev=

Thanks,
-Jade

--000000000000ff645905a84b0482--