cnvd - cnvd-2018-05757

CNVD-2018-05757

Vulnerability from cnvd - Published: 2018-03-20

Title

Twitter Kit for iOS Login with Twitter组件存在未明漏洞

Description

Twitter Kit for iOS是一套基于iOS平台的开源的用于与Twitter进行无缝交互的本地开发工具包。Login with Twitter component是其中的一个登陆组件。基于iOS平台的Twitter Kit 3.0版本至3.2.1版本中的Login with Twitter组件存在安全漏洞。攻击者可利用该漏洞提交代替性的凭证，使推特账户与第三方服务发生关联。

Severity

中

Patch Name

Twitter Kit for iOS Login with Twitter组件存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html

Reference

https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html

Impacted products

Name
Twitter Kit for iOS >=3.0，<=3.2.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-0911"
    }
  },
  "description": "Twitter Kit for iOS\u662f\u4e00\u5957\u57fa\u4e8eiOS\u5e73\u53f0\u7684\u5f00\u6e90\u7684\u7528\u4e8e\u4e0eTwitter\u8fdb\u884c\u65e0\u7f1d\u4ea4\u4e92\u7684\u672c\u5730\u5f00\u53d1\u5de5\u5177\u5305\u3002Login with Twitter component\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u767b\u9646\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eiOS\u5e73\u53f0\u7684Twitter Kit 3.0\u7248\u672c\u81f33.2.1\u7248\u672c\u4e2d\u7684Login with Twitter\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u4ee3\u66ff\u6027\u7684\u51ed\u8bc1\uff0c\u4f7f\u63a8\u7279\u8d26\u6237\u4e0e\u7b2c\u4e09\u65b9\u670d\u52a1\u53d1\u751f\u5173\u8054\u3002",
  "discovererName": "unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05757",
  "openTime": "2018-03-20",
  "patchDescription": "Twitter Kit for iOS\u662f\u4e00\u5957\u57fa\u4e8eiOS\u5e73\u53f0\u7684\u5f00\u6e90\u7684\u7528\u4e8e\u4e0eTwitter\u8fdb\u884c\u65e0\u7f1d\u4ea4\u4e92\u7684\u672c\u5730\u5f00\u53d1\u5de5\u5177\u5305\u3002Login with Twitter component\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u767b\u9646\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eiOS\u5e73\u53f0\u7684Twitter Kit 3.0\u7248\u672c\u81f33.2.1\u7248\u672c\u4e2d\u7684Login with Twitter\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u4ee3\u66ff\u6027\u7684\u51ed\u8bc1\uff0c\u4f7f\u63a8\u7279\u8d26\u6237\u4e0e\u7b2c\u4e09\u65b9\u670d\u52a1\u53d1\u751f\u5173\u8054\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Twitter Kit for iOS Login with Twitter\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Twitter Kit for iOS \u003e=3.0\uff0c\u003c=3.2.1"
  },
  "referenceLink": "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-02-26",
  "title": "Twitter Kit for iOS Login with Twitter\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2017-0911 (GCVE-0-2017-0911)

Vulnerability from cvelistv5 – Published: 2018-02-09 22:00 – Updated: 2024-09-17 03:32

Summary

Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service.

Severity ?

No CVSS data available.

CWE

CWE-360 - Trust of System Event Data (CWE-360)

Assigner

hackerone

References

URL

Tags

	https://hackerone.com/reports/290229	x_refsource_MISC
	https://blog.twitter.com/developer/en_us/topics/t…	x_refsource_CONFIRM
	https://github.com/twitter/twitter-kit-ios/blob/b…	x_refsource_CONFIRM
	https://github.com/twitter/twitter-kit-ios/wiki/C…	x_refsource_CONFIRM
	https://github.com/twitter/twitter-kit-ios/blob/b…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Twitter	Twitter Kit for iOS	Affected: Versions 3.0 to 3.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:16.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/290229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Twitter Kit for iOS",
          "vendor": "Twitter",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 3.0 to 3.2.1"
            }
          ]
        }
      ],
      "datePublic": "2017-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the \"Login with Twitter\" component allowing an attacker to provide alternate credentials. In the final step of \"Login with Twitter\" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-\u003cconsumer-key\u003e) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-360",
              "description": "Trust of System Event Data (CWE-360)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T21:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/290229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "DATE_PUBLIC": "2017-11-28T00:00:00",
          "ID": "CVE-2017-0911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Twitter Kit for iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 3.0 to 3.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Twitter"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the \"Login with Twitter\" component allowing an attacker to provide alternate credentials. In the final step of \"Login with Twitter\" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-\u003cconsumer-key\u003e) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Trust of System Event Data (CWE-360)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/290229",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/290229"
            },
            {
              "name": "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html",
              "refsource": "CONFIRM",
              "url": "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html"
            },
            {
              "name": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411",
              "refsource": "CONFIRM",
              "url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411"
            },
            {
              "name": "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017",
              "refsource": "CONFIRM",
              "url": "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017"
            },
            {
              "name": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71",
              "refsource": "CONFIRM",
              "url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2017-0911",
    "datePublished": "2018-02-09T22:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:32:53.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-05757

CVE-2017-0911 (GCVE-0-2017-0911)

Tags

Sightings

Nomenclature