Search for packages
| purl | pkg:pypi/openssl-encrypt@0.3.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-448j-v9yq-xubg
Aliases: GHSA-h45m-mgcp-q388 |
openssl-encrypt: TOTP rate limiter is in-memory only — not shared across workers, lost on restart ## Severity: HIGH ### Summary The TOTP brute-force rate limiter in `openssl_encrypt_server/modules/pepper/totp.py` at **lines 47-98** uses an in-memory `defaultdict(list)` as a class variable. ### Affected Code ```python class TOTPRateLimiter: def __init__(self, ...): self.attempts: Dict[str, List[datetime]] = defaultdict(list) self.lockouts: Dict[str, datetime] = {} class TOTPService: _rate_limiter = TOTPRateLimiter() # Class variable, in-memory only ``` ### Impact 1. Rate limit state is **not shared** across multiple server instances/workers — an attacker can distribute attempts 2. All rate limit state is **lost on server restart** — allows immediate retry 3. In multi-worker deployments, each worker has independent rate limit state ### Recommended Fix - Use Redis or the database for rate limit state storage - Or use a shared-memory approach for multi-worker deployments - At minimum, persist lockout state to survive restarts ### Fix Fixed in commit `2749bc0` on branch `releases/1.4.x` — added abstract RateLimitBackend with InMemoryBackend and DatabaseBackend implementations; defaults to DatabaseBackend when DB available. |
Affected by 0 other vulnerabilities. |
|
VCID-68ty-4a7h-c7ev
Aliases: GHSA-8h88-gxp3-j7pg |
openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys ### Summary The `PublicKeyBundle.from_dict()` method in `openssl_encrypt/modules/key_bundle.py` at **lines 329-361** creates bundles from untrusted data without verifying the signature. The docstring warns to call `verify_signature()` after creation, but the `to_identity()` method (line 363-391) can convert an unverified bundle directly to an `Identity` object. ### Affected Code ```python @classmethod def from_dict(cls, data: Dict) -> "PublicKeyBundle": """ SECURITY: Does NOT verify signature. Call verify_signature() after creation. """ # Creates bundle without verification ``` ### Impact If `from_dict()` followed by `to_identity()` is called without an intervening `verify_signature()` call, encryption could be performed against an attacker's public key, leaking secrets. While `key_resolver.py` (lines 146-147) does verify before use, the unguarded API path remains directly callable. ### Recommended Fix - Add a `verified` flag to `PublicKeyBundle` that must be set before `to_identity()` can be called - Or have `to_identity()` automatically call `verify_signature()` and raise on failure - Or make `from_dict()` require verification as part of construction ### Fix Fixed in commit `f4a1ba6` on branch `releases/1.4.x` — from_dict() now verifies self_signature by default (verify=True parameter); raises ValueError on verification failure. |
Affected by 0 other vulnerabilities. |
|
VCID-cxsz-utx3-subs
Aliases: GHSA-vfgx-5q85-58q3 |
openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection ### Summary The `generate_pseudorandom_sequence()` function in `openssl_encrypt/plugins/steganography/core/utils.py` at **lines 89-91** uses Python's `random` module (Mersenne Twister) for steganographic pixel/sample selection. ### Affected Code ```python random.seed(seed) sequence = random.sample(range(max_value), min(length, max_value)) return sequence ``` Additionally, the steganography password is stored as a plain Python string (not `SecureBytes`) and only 8 bytes (64 bits) of the SHA-256 hash are used for the seed, reducing effective security to 64 bits. ### Impact The Mersenne Twister's state can be recovered from approximately 624 outputs. An attacker who knows or guesses the password can predict the PRNG sequence and determine exactly which pixels contain hidden data, potentially extracting the hidden data without the password. ### Recommended Fix - Use HMAC-DRBG or `secrets` module for cryptographically secure pixel selection - Use full 32-byte SHA-256 output as seed material - Store the password in `SecureBytes` instead of a plain string ### Fix Fixed in commit `09e96e0` on branch `releases/1.4.x` — replaced random.seed(hash(password)) with HMAC-SHA256 based CSPRNG (Fisher-Yates shuffle) and numpy Generator with HMAC-derived seeds across all steganography format modules. |
Affected by 0 other vulnerabilities. |
|
VCID-hm8x-xkx9-buam
Aliases: GHSA-c65f-x25w-62jv |
openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers ### Summary Both standalone servers configure CORS with `allow_origins=["*"]`, `allow_credentials=True`, `allow_methods=["*"]`, and `allow_headers=["*"]`. ### Affected Code ```python # server/key-server/app/main.py:86-92 # server/telemetry-server/app/main.py:23-29 app.add_middleware( CORSMiddleware, allow_origins=settings.cors_origins, # defaults to ["*"] allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) ``` The docker-compose file (`openssl_encrypt_server/docker-compose.yml:75`) also defaults `CORS_ORIGINS` to `*`, and `.env.example` ships with `CORS_ORIGINS=*`. ### Impact This is the most permissive CORS configuration possible, allowing any website to make fully credentialed cross-origin requests to the API. An attacker's website could make authenticated API calls on behalf of any user who visits it. ### Recommended Fix - Remove wildcard defaults — require explicit origin configuration - Never combine `allow_origins=["*"]` with `allow_credentials=True` - Update `.env.example` with placeholder domains instead of `*` ### Fix Fixed in commit `809416b` on branch `releases/1.4.x` — changed CORS default from ["*"] to [] in both key-server and telemetry-server; added validation rejecting wildcard when debug=False. |
Affected by 0 other vulnerabilities. |
|
VCID-hxs1-hpu9-1ycs
Aliases: GHSA-2vhw-q7vh-7xv2 |
openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers ### Summary The `/ready` endpoint in `openssl_encrypt_server/server.py` at **lines 159-175** catches database errors and returns the full exception string in the response. ### Affected Code ```python except Exception as e: return {"status": "not_ready", "reason": str(e)} ``` ### Impact Database exception messages can leak: - Database hostnames and IP addresses - Connection parameters and port numbers - Driver version information - Potentially database credentials if included in connection string errors This information is available to unauthenticated callers. ### Recommended Fix - Return a generic error message: `{"status": "not_ready", "reason": "database unavailable"}` - Log the full exception server-side for debugging ### Fix Fixed in commit `7aa8787` on branch `releases/1.4.x` — replaced str(e) with generic "database check failed" message; full exception logged server-side at WARNING level. |
Affected by 0 other vulnerabilities. |
|
VCID-n33y-a6pm-6ug3
Aliases: GHSA-425g-fjhq-5h92 |
openssl-encrypt silently skips schema validation when jsonschema library is not installed ### Summary In `openssl_encrypt/modules/json_validator.py` at **lines 234-238**, when the `jsonschema` library is not installed, all schema validation is silently skipped with only a print warning. ### Affected Code ```python if not JSONSCHEMA_AVAILABLE: print(f"Warning: Cannot validate against schema '{schema_name}' - jsonschema library not available") return ``` Additionally, unknown metadata format versions (line 288-293) bypass schema validation entirely, and all schemas use `additionalProperties: true` allowing arbitrary extra fields. ### Impact An attacker who can influence the Python environment (remove the jsonschema package) or craft metadata with an unknown version number can bypass all schema checks. Malformed or malicious metadata will be accepted without validation. ### Recommended Fix - Make `jsonschema` a required dependency, not optional - Or fail-closed: refuse to process metadata when validation cannot be performed - Reject unknown format versions instead of silently skipping validation - Consider using `additionalProperties: false` in schemas ### Fix Fixed in commit `6e7f938` on branch `releases/1.4.x` — validate_against_schema() now raises JSONValidationError when jsonschema is unavailable instead of silently passing; changed print() warning to logging.warning(). |
Affected by 0 other vulnerabilities. |
|
VCID-nu9f-dbfr-7bfr
Aliases: GHSA-hvc7-763r-4f3h |
openssl-encrypt has no owner verification on key revocation — any client can revoke any key ### Summary The `revoke_key` method in `openssl_encrypt_server/modules/keyserver/service.py` at **lines 195-270** accepts a `client_id` parameter but never verifies that the requesting client is the same as `key.owner_client_id`. ### Impact Any authenticated client can revoke any other client's key, as long as they provide a valid revocation signature. While the signature requirement mitigates this somewhat (you need the private key to sign), the lack of ownership check is a defense-in-depth gap. ### Recommended Fix - Add an ownership check: verify `client_id == key.owner_client_id` before allowing revocation - Return 403 Forbidden if the requesting client does not own the key ### Fix Fixed in commit `05e45f3` on branch `releases/1.4.x` — added documentation that ML-DSA signature verification IS the cryptographic ownership check; added info-level logging on successful verification. |
Affected by 0 other vulnerabilities. |
|
VCID-nynf-r4u1-u7fh
Aliases: GHSA-h3m5-p59h-x88p |
openssl-encrypt has visible password in process list via --password CLI argument ### Summary Passwords passed via the `--password` / `-p` CLI argument in `openssl_encrypt/modules/crypt_cli_subparser.py` at **lines 150-154** are visible to any user on the system via `ps aux` or `/proc/[pid]/cmdline`. ### Affected Code ```python subparser.add_argument( "--password", "-p", help="Password (will prompt if not provided, or use CRYPT_PASSWORD environment variable)", ) ``` Similarly, `--keystore-password` exposes the keystore password. ### Impact On multi-user systems, any user can observe the encryption password by listing processes. The `CRYPT_PASSWORD` environment variable alternative is also visible via `/proc/[pid]/environ` (though with slightly restricted access). ### Recommended Fix - Document the security implications prominently - Recommend interactive prompting (already supported) as the secure default - Consider supporting password file descriptors (`--password-fd`) or reading from stdin - Consider marking the argument as deprecated in favor of interactive prompting ### Fix Fixed in commit `e78a366` on branch `releases/1.4.x` — added --password-file and --password-fd arguments; added OPENSSL_ENCRYPT_PASSWORD env var support; --password now emits deprecation warning. |
Affected by 0 other vulnerabilities. |
|
VCID-y8q5-q6j6-3fgx
Aliases: GHSA-j48q-4c78-rhf9 |
openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification ## Severity: HIGH ### Summary The Whirlpool hash implementation in `openssl_encrypt/modules/registry/hash_registry.py` at **lines 570-589** uses glob patterns to find `.so` modules in site-packages and loads the first match via `importlib` without verifying module integrity. ### Affected Code ```python for site_pkg in site.getsitepackages(): pattern = os.path.join(site_pkg, "whirlpool*py313*.so") py313_modules = glob.glob(pattern) if py313_modules: module_path = py313_modules[0] # Takes first match loader = ExtensionFileLoader("whirlpool", module_path) spec = importlib.util.spec_from_file_location("whirlpool", module_path, loader=loader) whirlpool_module = importlib.util.module_from_spec(spec) spec.loader.exec_module(whirlpool_module) ``` ### Impact The glob pattern `"whirlpool*py313*.so"` is broad and takes the first match without verifying: - File hash/signature - File ownership/permissions - Whether it's a legitimate module If an attacker can place a malicious `.so` file matching this pattern in any site-packages directory, it will be loaded and native code executed. ### Recommended Fix - Verify the module's integrity (hash or signature) before loading - Use a specific filename rather than a glob pattern - Check file permissions and ownership ### Fix Fixed in commit `963d0d1` on branch `releases/1.4.x` — added os.path.realpath() to resolve symlinks and validation that found .so files are within known site-packages directories before loading. |
Affected by 0 other vulnerabilities. |
|
VCID-z8mp-azav-xqh7
Aliases: GHSA-4rh7-jwg9-m28m |
openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage ### Summary Refresh tokens are accepted as URL query parameters in the keyserver and telemetry server routes. ### Affected Code ```python # openssl_encrypt_server/modules/keyserver/routes.py:214-215 # openssl_encrypt_server/modules/telemetry/routes.py:90-91 async def refresh_token( request: Request, refresh_token: str = Query(..., description="Refresh token") ): ``` ### Impact Tokens in URL query parameters are exposed in: - Server access logs - Proxy/CDN logs - Browser history - HTTP Referer headers - Network monitoring tools This creates significant token leakage risk. ### Recommended Fix - Accept refresh tokens in the request body (POST) instead of query parameters - Use `Body(...)` instead of `Query(...)` ### Fix Fixed in commit `4b2adb0` on branch `releases/1.4.x` — moved refresh token from Query parameter to POST body via RefreshRequest Pydantic model. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||