Overview
Spring Security is a comprehensive Java security framework for securing enterprise applications. It provides a flexible programming model for authentication, authorization and related security concerns, integrates with the Spring Framework, and offers tools for configuring access controls, managing user roles and protecting resources, all while Java remains the primary language for application development.
An integer overflow vulnerability (CVE-2022-22976) has been identified in Spring Security's BCrypt implementation. When BCryptPasswordEncoder is configured with the maximum work factor (31), the overflow causes no salt rounds to be applied, so the stored hashes are far weaker than the configured work factor implies and passwords become vulnerable to brute force.
This issue affects Spring Security versions before 5.5.7, and versions from 5.6.0 up to but not including 5.6.4.
Details
Module Info
- Product: Spring Security
- Affected packages: spring-security-crypto
- Affected versions: <5.5.7, >=5.6.0 <5.6.4
- GitHub repository: https://github.com/spring-projects/spring-security
- Package manager: Maven
- Fixed In: Spring NES v5.7.0
Vulnerability Info
The work factor (also called the cost or "log rounds") of BCrypt controls how much computation goes into each hash. BCrypt's expensive key setup repeatedly re-keys Blowfish with the password and the salt; the work factor is the base-2 logarithm of the number of times that loop runs, so a work factor of 10 means 2^10 = 1024 rounds.
Each increment of the work factor doubles the time needed to compute a hash, and therefore doubles the cost of every guess in a brute-force or dictionary attack, while a single legitimate login stays cheap. Tuning this parameter is how BCrypt keeps pace with faster hardware.
In affected versions the round count is held in a 32-bit int. With a work factor of 31 the value 1 << 31 overflows to Integer.MIN_VALUE, the key-stretching loop runs zero times, and the resulting hash is still written with the "$31$" cost marker even though no stretching took place. Passwords protected this way can be brute-forced about as cheaply as if a single round had been applied. Only the maximum work factor of 31 triggers the bug; the default (10) and every other legal value are unaffected. OWASP recommends a work factor of at least 10.
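The following class is an added example, not code from Spring Security, showing the arithmetic behind the bug: the same shift computed in a 32-bit int and in a long, and what a key-stretching loop of the form "for (i = 0; i < rounds; i++)" does with each result. The method names, the cap and the printed layout are this example's own.

```java
/**
 * Added example (not Spring Security's code): shows why the round count
 * collapses to zero when the work factor is 31 and the count is held in
 * a 32-bit int, and how widening to long restores the intended 2^31.
 */
public class WorkFactorOverflow {

    /** The vulnerable arithmetic: a 32-bit shift. 1 << 31 is Integer.MIN_VALUE. */
    static int roundsAsInt(int logRounds) {
        return 1 << logRounds;
    }

    /** The corrected arithmetic: shift a long so that 2^31 fits. */
    static long roundsAsLong(int logRounds) {
        return 1L << logRounds;
    }

    /**
     * Counts how often a key-stretching loop of the form
     * "for (i = 0; i < rounds; i++) { ... }" would execute. A negative
     * round count never enters the loop. The cap only keeps the demo
     * fast; whether the loop runs at all is what matters here.
     */
    static long loopIterations(long rounds, long cap) {
        long count = 0;
        for (long i = 0; i < rounds && count < cap; i++) {
            count++;
        }
        return count;
    }

    public static void main(String[] args) {
        for (int cost : new int[] {10, 30, 31}) {
            int asInt = roundsAsInt(cost);
            long asLong = roundsAsLong(cost);
            System.out.printf("work factor %d: int rounds = %d, long rounds = %d%n",
                    cost, asInt, asLong);
            System.out.printf("  vulnerable loop runs %d time(s), fixed loop runs %d time(s) (capped at 5000)%n",
                    loopIterations(asInt, 5000), loopIterations(asLong, 5000));
        }
    }
}
```

For work factors 10 and 30 both shifts agree (1024 and 1073741824). For 31 the int shift yields -2147483648, so the vulnerable loop body executes zero times, while the long shift yields 2147483648 and the fixed loop runs until the cap.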
A mitigation tool provided by Spring can update affected password hashes so that they are secure. The tool should be used together with a fixed version of Spring Security. Note that a fixed build does not simply verify hashes written at work factor 31 by a vulnerable build: it performs the full 2^31 rounds, which takes days and yields a different value from the zero-round hash, so the stored hashes themselves have to be dealt with rather than left to expire on next login.
Steps To Reproduce
A unit test is a convenient way to check a build. On a vulnerable version, encoding at work factor 31 returns almost immediately, because zero rounds are applied, and the hash still carries the "$31$" cost marker. On a fixed version the same call performs 2^31 rounds and takes on the order of 2-3 days. The test below therefore fails within seconds on a vulnerable build; on a fixed build it does not finish in any practical time and should simply be aborted. Stored hashes written by a vulnerable build can be recognised by the same marker: '{bcrypt}$2a$31', '{bcrypt}$2b$31', '{bcrypt}$2y$31', '{bcrypt}$2$31', '$2a$31', '$2b$31', '$2y$31' or '$2$31'.
import static org.assertj.core.api.Assertions.assertThat;

import org.junit.jupiter.api.Test;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Test
public void cve2022_22976() {
    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(31);
    long start = System.nanoTime();
    String result = encoder.encode("password");
    long elapsedMillis = (System.nanoTime() - start) / 1_000_000L;
    // The hash always advertises the configured cost, vulnerable or not ...
    assertThat(result).startsWith("$2a$31$");
    // ... but 2^31 key-setup rounds cannot complete in a few seconds.
    // A near-instant result means no rounds were applied (CVE-2022-22976).
    assertThat(elapsedMillis)
        .as("encode() at work factor 31 finished in %d ms: no salt rounds applied", elapsedMillis)
        .isGreaterThan(10_000L);
}
Credits
- Eyal Kaspi
Mitigation
Spring Security 5 is no longer community-supported. The community support version will not receive any updates to address this issue. For more information, see here.
Users of the affected components should apply one of the following mitigations:
- Upgrade affected applications to a fixed, supported version of Spring Security (5.5.7, 5.6.4 or later) and repair any stored hashes written at work factor 31 with the mitigation tool; as an interim measure, configure a work factor below 31.
- Leverage a commercial support partner like HeroDevs for post-EOL security support.
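The class below is an added example, not Spring's mitigation tool or any code from the Spring project, showing the two housekeeping steps a team would run alongside the upgrade described above: find stored hashes that carry the work-factor-31 marker in any of its forms, and build a BCryptPasswordEncoder whose work factor is bounded so that 31 can never be configured again. It assumes spring-security-crypto is on the classpath and uses only the public BCryptPasswordEncoder(int) constructor; the sample hash store, the user names and the hash bodies are constructed placeholders, and the 10..14 bound in safeEncoder is this example's own deployment choice.

```java
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Added example (not Spring's mitigation tool): flags stored BCrypt hashes
 * that were written at work factor 31 and builds an encoder that refuses
 * that setting.
 */
public class Cve202222976Check {

    /**
     * Work factor 31 in any bcrypt variant ($2$, $2a$, $2b$, $2y$), with or
     * without the {bcrypt} id that DelegatingPasswordEncoder prepends.
     */
    private static final Pattern AFFECTED =
            Pattern.compile("^(\\{bcrypt\\})?\\$2[aby]?\\$31\\$");

    /** True if the stored value was produced at work factor 31. */
    static boolean isAffected(String storedHash) {
        return storedHash != null && AFFECTED.matcher(storedHash).find();
    }

    /** Returns, sorted, the users whose stored hash must be repaired or reset. */
    static List<String> usersNeedingRepair(Map<String, String> hashesByUser) {
        return hashesByUser.entrySet().stream()
                .filter(e -> isAffected(e.getValue()))
                .map(Map.Entry::getKey)
                .sorted()
                .collect(Collectors.toList());
    }

    /**
     * Builds an encoder with a bounded work factor. The 10..14 range is this
     * example's assumption (OWASP's floor is 10); the point is that 31 is
     * rejected at configuration time instead of silently producing weak hashes.
     */
    static BCryptPasswordEncoder safeEncoder(int strength) {
        if (strength < 10 || strength > 14) {
            throw new IllegalArgumentException(
                    "bcrypt work factor must be between 10 and 14, got " + strength);
        }
        return new BCryptPasswordEncoder(strength);
    }

    public static void main(String[] args) {
        // Constructed sample store: salt and hash bodies are placeholders, not real hashes.
        String body = "abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ012345";
        Map<String, String> store = Map.of(
                "alice", "{bcrypt}$2a$10$" + body,
                "bob",   "$2a$31$" + body,
                "carol", "{bcrypt}$2y$31$" + body,
                "dave",  "{bcrypt}$2b$12$" + body);

        System.out.println("Repair required for: " + usersNeedingRepair(store)); // [bob, carol]

        BCryptPasswordEncoder encoder = safeEncoder(12);
        String fresh = encoder.encode("example-password");
        System.out.println("New hashes start with: " + fresh.substring(0, 7)); // $2a$12$

        try {
            safeEncoder(31);
        } catch (IllegalArgumentException e) {
            System.out.println("Refused: " + e.getMessage());
        }
    }
}
```

Run the prefix scan against the real credential store before and after applying the mitigation tool; any user still listed afterwards needs a password reset, since a fixed build cannot verify a zero-round work-factor-31 hash.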