You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tessera provided an API named /partyinfo on tessera P2P port to discover all peers in network. Attackers can inject malicious address to tessera node with certain tessera public key, that could case private transaction failed if it's privateFor contains that public key. What's worse, there is no way to recover from this violation unless all tessera nodes down, because of each tessera node will push all recipients what they known.
In current implementation, Tessera is vulnerable if follow conditions satisfied:
1. Attacker can access the tessera node P2P port
2. Tessera node discovery is on
3. Tessera Config sslConfig.tls isn't "STRICT", or is "STRICT" but trust module isn't "WHITELIST" or "CA"
The reason of vulnerability is tessera choose remote tessera node randomly in it's recipients listSource Code, and everyone can override recipients list if they can access API /partyinfo(if tessera node discovery is on)Source Code.I have wrote an python PoC of this vulnerability, and I'm willing to share it with the contributor of the tessera project.
In my view, tessera node discovery service should be tamperproof enough to handle this issue. Or if we have a way to update peer node list(keep it sync with config file in disk) without restart tessera.
The text was updated successfully, but these errors were encountered:
Tessera provided an API named
/partyinfo
on tessera P2P port to discover all peers in network. Attackers can inject malicious address to tessera node with certain tessera public key, that could case private transaction failed if it'sprivateFor
contains that public key. What's worse, there is no way to recover from this violation unless all tessera nodes down, because of each tessera node will push all recipients what they known.In current implementation, Tessera is vulnerable if follow conditions satisfied:
1. Attacker can access the tessera node P2P port
2. Tessera node discovery is on
3. Tessera Config
sslConfig.tls
isn't "STRICT", or is "STRICT" but trust module isn't "WHITELIST" or "CA"The reason of vulnerability is tessera choose remote tessera node randomly in it's recipients listSource Code, and everyone can override recipients list if they can access API
/partyinfo
(if tessera node discovery is on)Source Code.I have wrote an python PoC of this vulnerability, and I'm willing to share it with the contributor of the tessera project.In my view, tessera node discovery service should be tamperproof enough to handle this issue. Or if we have a way to update peer node list(keep it sync with config file in disk) without restart tessera.
The text was updated successfully, but these errors were encountered: