Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-46505 PoC — MatrixSSL 安全漏洞

Source
https://github.com/SmallTown123/details-for-CVE-2022-46505
Associated Vulnerability
Title:MatrixSSL 安全漏洞 (CVE-2022-46505)
Description:An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
Description
MatrixSSL session resume bug
Readme
# details-for-CVE-2022-46505
MatrixSSL session resume bug
## 1. Description of bug

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an **all-zero MasterSecret** that can decrypt secret data.

## 2. Affected version

MatrixSSL 4.5.1-open and earlier

## 3. Vulnerability Type

tls resume session decryption

## 4. Bug details

The matrixssl server stores negotiated session information through a list. 

```c
static sslSessionEntry_t g_sessionTable[SSL_SESSION_TABLE_SIZE]; 
// SSL_SESSION_TABLE_SIZE is 32
```

```c
typedef struct
{
    unsigned char id[SSL_MAX_SESSION_ID_SIZE]; // 32
    unsigned char masterSecret[SSL_HS_MASTER_SIZE]; // 48
    const sslCipherSpec_t *cipher;
    unsigned char majVer;
    unsigned char minVer;
    short extendedMasterSecret;           /* was the extension used? */
    psTime_t startTime;
    int32 inUse;
    DLListEntry chronList;
} sslSessionEntry_t;
```

The first four bytes of the SessionID field are a **little-endian sequence** number ranging **from 0 to 31.** 

![Untitled](Untitled.png)

Matrixssl determines whether the session is a resume session by matching the length of the session ID received with the four-byte quick index. 

However, when the storage list is initialized, MasterSecret is all zeros. 

Therefore, the malicious Client can send a **one-byte SessionID** for all-zero MasterSecret session resumption. When the server receives a single byte sessionid, the following bytes default to 0. Therefore, it can be validated and indexed to the list, and the MasterSecret corresponding to that sequence number in the list may still be 0. If this happens, we can **calculate the key and decrypt the TLS communication data.**

`./matrixssl/matrixssl.c  —>  int32 matrixResumeSession(ssl_t *ssl)`

![Untitled](Untitled%201.png)

![Untitled](Untitled%202.png)

**Adding console output for debug :** 

![Untitled](Untitled%203.png)

**Testing result :**

![Untitled](Untitled%204.png)

![Untitled](Untitled%205.png)

**Use all-zero MasterSecret to decrypt !**

![Untitled](Untitled%206.png)
File Snapshot

 [4.0K]  /data/pocs/893249934d9d3a6abae119a1a10c34685b00c65c
├── [2.1K]  README.md
├── [ 42K]  Untitled 1.png
├── [ 44K]  Untitled 2.png
├── [ 64K]  Untitled 3.png
├── [ 53K]  Untitled 4.png
├── [ 69K]  Untitled 5.png
├── [133K]  Untitled 6.png
└── [4.1K]  Untitled.png

0 directories, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →