Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2021-3563: venv-openstack-keystone,ardana-keystone,openstack-keystone,python-keystonemiddleware,python-keystoneauth1,python-keystoneclient: Keystone: Verification of application credentials is silently length-limited | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Gianluca Gabrielli <gianluca.gabrielli> |
| Component: | Incidents | Assignee: | Yogalakshmi Arunachalam <yarunachalam> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | | |
| Priority: | P3 - Medium | CC: | calmeidadeoliveira, cloud-bugs, jmoffitt, smash_bz |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/299515/ | | |
| Whiteboard: | CVSSv3.1:SUSE:CVE-2021-3563:7.4:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Gianluca Gabrielli
2021-05-24 09:58:23 UTC
Discussed with SOC PM and engineering team. Plan is to document how a customer could reconfigure keystone to use scrypt, pbkdf2_sha512, or sha512_crypt (the other hashing algorithms that keystone already supports), and do a sanity test of those instructions for SOC8/9. There is not currently a fixed version of bcrypt to remedy this problem, so implementing a fix would be far more disruptive than leaving it alone given the lack of exploitability. Guang will work on the instructions, and I will identify someone to test them.

Also, the upstream tracking for this is at https://bugs.launchpad.net/keystone/+bug/1901891. There are no fixes in flight, though there is a test proposed to demonstrate the problem.

As mentioned by Jeremy, there's currently no upstream fix. Also, per bcrypt documentation, it currently has no known weakness. See https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html:

"BCrypt was developed to replace md5_crypt for BSD systems. It uses a modified version of the Blowfish stream cipher. Featuring a large salt and variable number of rounds, it's currently the default password hash for many systems (notably BSD), and has no known weaknesses."

However, if customers are not comfortable using bcrypt, Keystone also supports scrypt, pbkdf2_sha512, and sha512_crypt. See https://opendev.org/openstack/keystone/src/branch/stable/rocky/keystone/common/password_hashing.py#L29-L32

However, please note that each algorithm has tradeoffs and limitations in terms of security and performance. Please see the passlib documentation for more details: https://passlib.readthedocs.io/en/stable/narr/quickstart.html#recommended-hashes

To change the password hash algorithm, just update the "password_hash_algorithm" in the "[identity]" section of "keystone.conf". For example:

[identity]
password_hash_algorithm=sha512_crypt

Assigning to Yoga to validate the instructions from Guang.

Validated in soc9 - qe102 environment:

Before changing password hash algorithm
MariaDB [(none)]> use keystone
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> select l.id, l.name, p.password_hash from local_user as l, password as p where l.name = 'crypt' and l.id = p.local_user_id
-> ;
+-----+-------+--------------------------------------------------------------+
| id | name | password_hash |
+-----+-------+--------------------------------------------------------------+
| 256 | crypt | $2b$12$6Z//0D4sLjD/9AUuXmqRMew2mUVGajQ2qKt/KgsFRzP8dxHEdKlgu |
+-----+-------+--------------------------------------------------------------+
1 row in set (0.00 sec)
keystone-reconfigure playbook failed with:

grep ERROR keystone.log
39431 (keystone.common.wsgi): 2021-12-08 20:07:41,055 ERROR wsgi __call__ Value for option password_hash_algorithm is not valid: Valid values are [bcrypt, scrypt, pbkdf2_sha512], but found 'sha512_crypt'

After fixing the algorithm from '-' to '_':

password_hash_algorithm = pbkdf2-sha512
password_hash_algorithm = pbkdf2_sha512

keystone-reconfigure playbook completed successfully and able to check the new password hashed with the new algorithm:

Database changed
MariaDB [keystone]> select l.id, l.name, p.password_hash from local_user as l, password as p where l.name = 'crypt' and l.id = p.local_user_id;
+-----+-------+------------------------------------------------------------------------------------------------------------------------------------+
| id  | name  | password_hash                                                                                                                      |
+-----+-------+------------------------------------------------------------------------------------------------------------------------------------+
| 256 | crypt | $2b$12$6Z//0D4sLjD/9AUuXmqRMew2mUVGajQ2qKt/KgsFRzP8dxHEdKlgu                                                                       |
| 256 | crypt | $pbkdf2-sha512$25000$VQrB2Jtz7r1XKmVsTak1pg$UG0mgh1ZXJrKL.3pdLj9PUC3ipDtC8jusrFaWbGAh496qVTZ0ExoUtfMsrMj0pI7OqvPK4jZEDGyb9xmx/Y5rg |
+-----+-------+------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

Documentation updates with these instructions are now live at: https://documentation.suse.com/soc/9/single-html/suse-openstack-cloud-operations/#topic-qtp-cn3-bt

There will be a release note referencing these instructions with the next SOC9 MU, which may be a while. The github change for that RN snippet is: https://github.com/SUSE/release-notes-suse-openstack-cloud/pull/97

As the doc change is live and the RN is merged and in the pipeline, I'm marking this as resolved.

SUSE-SU-2022:1729-1: An update that solves 17 vulnerabilities, contains two features and has one errata is now available.

Category: security (important)
Bug References: 1118088,1179534,1184177,1186380,1189390,1189794,1192070,1192073,1192075,1193597,1193688,1193752,1194521,1194551,1194552,1194952,1194954,1199138
CVE References: CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-38155,CVE-2021-40085,CVE-2021-41182,CVE-2021-41183,CVE-2021-41184,CVE-2021-43813,CVE-2021-43818,CVE-2021-44716,CVE-2022-22815,CVE-2022-22816,CVE-2022-22817,CVE-2022-23451,CVE-2022-23452,CVE-2022-29970
JIRA References: SOC-11620,SOC-11621
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): grafana-6.7.4-3.26.1, openstack-barbican-7.0.1~dev24-3.14.1, openstack-cinder-13.0.10~dev24-3.34.2, openstack-heat-gbp-14.0.1~dev4-3.9.1, openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1, openstack-ironic-11.1.5~dev18-3.28.2, openstack-keystone-14.2.1~dev9-3.28.2, openstack-neutron-13.0.8~dev206-3.40.1, openstack-neutron-gbp-14.0.1~dev33-3.31.1, python-Pillow-5.2.0-3.17.1, python-XStatic-jquery-ui-1.13.0.1-4.3.1, python-lxml-4.2.4-3.3.1, release-notes-suse-openstack-cloud-9.20220413-3.30.1, rubygem-sinatra-1.4.6-4.3.1
SUSE OpenStack Cloud 9 (src): ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1, grafana-6.7.4-3.26.1, openstack-barbican-7.0.1~dev24-3.14.1, openstack-cinder-13.0.10~dev24-3.34.2, openstack-heat-gbp-14.0.1~dev4-3.9.1, openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1, openstack-ironic-11.1.5~dev18-3.28.2, openstack-keystone-14.2.1~dev9-3.28.2, openstack-neutron-13.0.8~dev206-3.40.1, openstack-neutron-gbp-14.0.1~dev33-3.31.1, python-Pillow-5.2.0-3.17.1, python-XStatic-jquery-ui-1.13.0.1-4.3.1, python-lxml-4.2.4-3.3.1, release-notes-suse-openstack-cloud-9.20220413-3.30.1, venv-openstack-barbican-7.0.1~dev24-3.35.2, venv-openstack-cinder-13.0.10~dev24-3.38.1, venv-openstack-designate-7.0.2~dev2-3.35.1, venv-openstack-glance-17.0.1~dev30-3.33.1, venv-openstack-heat-11.0.4~dev4-3.35.1, venv-openstack-horizon-14.1.1~dev11-4.39.1, venv-openstack-ironic-11.1.5~dev18-4.33.1, venv-openstack-keystone-14.2.1~dev9-3.36.1, venv-openstack-magnum-7.2.1~dev1-4.35.1, venv-openstack-manila-7.4.2~dev60-3.41.1, venv-openstack-monasca-2.7.1~dev10-3.37.1, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.35.1, venv-openstack-neutron-13.0.8~dev206-6.39.1, venv-openstack-nova-18.3.1~dev91-3.39.1, venv-openstack-octavia-3.2.3~dev7-4.35.1, venv-openstack-sahara-9.0.2~dev15-3.35.1, venv-openstack-swift-2.19.2~dev48-2.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
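As an added example, not code from the bug report, from SUSE, or from the Keystone project: the pbkdf2-sha512 row in the MariaDB output above is in passlib's modular-crypt format, `$pbkdf2-sha512$<rounds>$<salt>$<checksum>`, with salt and checksum in passlib's adapted base64 ('+' written as '.', padding omitted). The script below parses that format with only the Python standard library, verifies a secret against such a hash, and runs the check a practitioner would want after moving off bcrypt: that the configured hasher is not silently length-limited. The 72-byte cut-off it probes for is a known property of bcrypt, not something the bug discussion spells out. The password of the 'crypt' user is not on the page, so the page's hash is only parsed, never verified; the hash that is verified is generated inline from a constructed secret, and `PAGE_HASH`, `FIXED_SALT`, `make_hash`, `verify` and `length_limited` are names of this example only.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Callable, Optional, Tuple

# Hash row copied from the MariaDB output in the bug after the switch to
# pbkdf2_sha512. The matching password is not on the page, so this string is
# only parsed here, never verified.
PAGE_HASH = (
    "$pbkdf2-sha512$25000$VQrB2Jtz7r1XKmVsTak1pg$"
    "UG0mgh1ZXJrKL.3pdLj9PUC3ipDtC8jusrFaWbGAh496qVTZ0ExoUtfMsrMj0pI7OqvPK4jZEDGyb9xmx/Y5rg"
)

# passlib layout: $pbkdf2-sha512$<rounds>$<ab64 salt>$<ab64 checksum>
_PBKDF2_SHA512 = re.compile(r"^\$pbkdf2-sha512\$(\d+)\$([./A-Za-z0-9]+)\$([./A-Za-z0-9]+)$")

# Constructed salt so that demo hashes are reproducible; real hashes use os.urandom.
FIXED_SALT = b"\x01" * 16


def ab64_decode(text: str) -> bytes:
    """Decode passlib's 'adapted base64': '.' stands for '+', padding is omitted."""
    std = text.replace(".", "+")
    return base64.b64decode(std + "=" * (-len(std) % 4))


def ab64_encode(raw: bytes) -> str:
    """Inverse of ab64_decode."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")


def parse_hash(hash_str: str) -> Tuple[int, bytes, bytes]:
    """Return (rounds, salt, checksum) from a passlib pbkdf2-sha512 hash string."""
    m = _PBKDF2_SHA512.match(hash_str)
    if m is None:
        raise ValueError("not a passlib pbkdf2-sha512 hash")
    return int(m.group(1)), ab64_decode(m.group(2)), ab64_decode(m.group(3))


def make_hash(secret: bytes, rounds: int = 25000, salt: Optional[bytes] = None) -> str:
    """Produce a hash string in the format Keystone stored after the reconfigure."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", secret, salt, rounds, dklen=64)
    return f"$pbkdf2-sha512${rounds}${ab64_encode(salt)}${ab64_encode(dk)}"


def verify(secret: bytes, hash_str: str) -> bool:
    """Recompute the key with the stored parameters and compare in constant time."""
    rounds, salt, checksum = parse_hash(hash_str)
    dk = hashlib.pbkdf2_hmac("sha512", secret, salt, rounds, dklen=len(checksum))
    return hmac.compare_digest(dk, checksum)


def length_limited(hasher: Callable[[bytes], str], prefix_len: int = 72, total_len: int = 200) -> bool:
    """True if `hasher` (deterministic, bytes -> str) ignores input past prefix_len.

    Two secrets that agree on the first prefix_len bytes and differ afterwards
    must hash differently; if they collide, the hasher is silently truncating,
    which is the bcrypt behaviour (72-byte limit) behind this bug.
    """
    shared = b"A" * prefix_len
    tail = total_len - prefix_len
    return hasher(shared + b"B" * tail) == hasher(shared + b"C" * tail)


if __name__ == "__main__":
    rounds, salt, checksum = parse_hash(PAGE_HASH)
    print(f"page hash: rounds={rounds}, salt={len(salt)} bytes, checksum={len(checksum)} bytes")
    h = make_hash(b"constructed-demo-secret")
    print("verify ok:", verify(b"constructed-demo-secret", h))
    print("pbkdf2_sha512 length-limited:",
          length_limited(lambda s: make_hash(s, 1000, FIXED_SALT)))
    # A hasher that drops bytes past 72 (simulating bcrypt's truncation) is caught.
    print("truncating hasher length-limited:",
          length_limited(lambda s: make_hash(s[:72], 1000, FIXED_SALT)))
```

Running the script against a hash copied from the `password` table confirms the `rounds`, 16-byte salt and 64-byte checksum that passlib's `pbkdf2_sha512` default (25000 rounds) produces; `length_limited` can be pointed at any deterministic wrapper around the hasher actually in use to confirm that long application-credential secrets are compared in full.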