No Limit in "title" length while adding SSH key results in memory consumption/DoS attack in ikus060/rdiffweb
Sep 24th 2022
There must be a fixed maximum length for user input parameters such as "title" when adding an SSH key. Allowing users to enter long strings may result in a DoS attack or memory corruption.
Proof of Concept
1) Go to the https://rdiffweb-demo.ikus-soft.com/prefs/sshkeys# endpoint.
2) Click on add SSH key.
3) Here you will see that there is no limit for the "title" while adding an SSH key, which allows a user to set a very long string, as long as 1 million characters.
4) This may possibly result in a memory corruption/DoS attack.
Mitigation: There must be a fixed length for the "title" while adding an SSH key, up to 256 characters.
This allows an attacker to set a "title" with a long string, leading to memory corruption or a possible DoS attack.
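The mitigation above, sketched as a server-side check that rejects an over-long title before anything is stored. This is an added example, not rdiffweb's code or its actual fix; `MAX_TITLE_LEN`, `validate_title`, `add_ssh_key` and the in-memory list used as a store are hypothetical names, and the sample key and the 1-million-character title are constructed inputs.

```python
import unicodedata

MAX_TITLE_LEN = 256  # limit proposed in the report's mitigation


class ValidationError(ValueError):
    """A submitted form field was rejected."""


def validate_title(raw):
    """Return the cleaned title or raise ValidationError."""
    if not isinstance(raw, str):
        raise ValidationError("title must be text")
    # Check the raw length first so an oversized value is rejected
    # before any work proportional to its size is done.
    if len(raw) > MAX_TITLE_LEN:
        raise ValidationError(f"title exceeds {MAX_TITLE_LEN} characters")
    title = unicodedata.normalize("NFC", raw).strip()
    if not title:
        raise ValidationError("title is required")
    # Normalization can change the length, so check again.
    if len(title) > MAX_TITLE_LEN:
        raise ValidationError(f"title exceeds {MAX_TITLE_LEN} characters")
    return title


def add_ssh_key(store, title, key):
    """Hypothetical handler: validate, then persist. Returns (ok, message)."""
    try:
        clean = validate_title(title)
    except ValidationError as exc:
        return False, str(exc)  # reject; do not truncate silently
    store.append({"title": clean, "key": key})
    return True, "key added"


if __name__ == "__main__":
    keys = []  # stand-in for the user's stored keys
    sample_key = "ssh-ed25519 CONSTRUCTED-PLACEHOLDER user@example"
    print(add_ssh_key(keys, "work laptop", sample_key))
    print(add_ssh_key(keys, "A" * 1_000_000, sample_key))  # constructed input
    print(len(keys))
```

The check belongs on the server: a `maxlength` attribute on the HTML input alone does not constrain a request sent directly to the endpoint.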