Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 21 Jun 2015 09:16:40 -0400 (EDT)
Subject: Re: CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT" - ROTP

Hash: SHA1


As far as we can tell, ROTP is advertised as "A ruby library for
generating one time passwords (HOTP & TOTP) according to RFC 4226 and
RFC 6238." This applies to "generating." We did not find any
documentation stating that the "verifier" complies with RFC 6238.
Admittedly, it is plausible that many users expected that the verifier
would comply with this RFC, just because this RFC was mentioned. The
vendor's position (see the comment)
is, roughly, that this verifier behavior is outside the scope of the
ROTP design, and that anyone who wants this verifier behavior needs to
write code or obtain code elsewhere.

Possibly a second issue is
We might not understand this, but we think it essentially means that
"if ROTP were to consume an OTP, then this should be done consistently
for the current-timestamp case and the acceptable-past-timestamp
case." So, we don't think that this is an independent concern.

We don't think there can be a CVE ID for any aspect of the report
recommending that the verifier comply with RFC 6238. We agree that it
would be useful for the ROTP documentation to place some emphasis on
the actual verifier behavior, to cover the scenario where a user
guesses that full RFC compliance was intended, and later discovers
that a "MUST NOT" condition isn't met.

> NOTE: I have already sent a similar email to MITRE requesting a CVE
> ID, but been advised to submit here as well (then cancel the request
> to MITRE

We aren't exactly sure what this means. The MITRE CVE team currently
does not advise anyone to send messages to oss-security. The "already
sent" apparently refers to a message from an hour earlier. Messages
for us can be sent to either oss-security or to
but should not be sent to both addresses. Of course, we are willing to
accommodate the occasional case where someone accidentally sends to but actually wanted to make the information
public immediately on oss-security.

(Subject line modified to account for the "ROPT" typo.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]
Version: GnuPG v1.4.14 (SunOS)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.