[Medium] Lack of Request Replay Protection in HTTP Signatures #23

Open
opened 2026-02-11 18:50:31 +00:00 by thabeta · 0 comments
Owner

Issue

The HTTP Signature verifier in internal/httpsig/verifier.go verifies the cryptographic signature of requests but does not validate a nonce or enforce a strict expiration window based on the Date or X-Date headers.

Impact

  • Vulnerability to Replay Attacks: Valid signed requests can be intercepted and re-sent by an attacker to perform unauthorized actions.

Remediation

  1. Enforce a maximum allowable time drift (e.g., 30-60 seconds) for the Date header compared to the server time.
  2. Implement a nonce-tracking mechanism (e.g., using Redis or an in-memory cache) to ensure each signature is used only once.

Files Affected

  • internal/httpsig/verifier.go
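An illustration of the two remediation steps combined, added here as an example and not taken from the project's verifier: `ReplayGuard`, `Check`, `maxSkew` and the error names are hypothetical. It assumes the check runs only after the signature has verified and that the `Date` or `X-Date` value passed in is one the signature covers, since an unsigned date can be rewritten on replay.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// maxSkew is the allowed drift between the signed date and server time (assumed value).
const maxSkew = 60 * time.Second

var ErrStale = errors.New("signed date missing, malformed or outside the allowed window")
var ErrReplay = errors.New("signature already used")

// ReplayGuard (hypothetical type) remembers each accepted signature until it goes stale.
type ReplayGuard struct {
	mu   sync.Mutex
	seen map[string]time.Time // signature value -> time after which it is stale anyway
}

func NewReplayGuard() *ReplayGuard { return &ReplayGuard{seen: map[string]time.Time{}} }

// Check runs after signature verification; dateHdr is the signed Date or X-Date value.
func (g *ReplayGuard) Check(dateHdr, sig string, now time.Time) error {
	ts, err := http.ParseTime(dateHdr)
	if d := now.Sub(ts); err != nil || d > maxSkew || d < -maxSkew {
		return fmt.Errorf("%w: %q", ErrStale, dateHdr)
	}
	g.mu.Lock()
	defer g.mu.Unlock()
	for k, exp := range g.seen { // evict entries the freshness check now rejects by itself
		if now.After(exp) {
			delete(g.seen, k)
		}
	}
	if _, dup := g.seen[sig]; dup {
		return ErrReplay
	}
	g.seen[sig] = ts.Add(maxSkew)
	return nil
}

func main() {
	g, now := NewReplayGuard(), time.Now()
	d := now.UTC().Format(http.TimeFormat)
	fmt.Println(g.Check(d, "sig-1", now), g.Check(d, "sig-1", now)) // accepted, then rejected
}
```

The in-memory map only protects a single process; with several gateway instances the same lookup has to go to a shared store such as the Redis option named in step 2.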
Reference
geomind_code/webgateway#23