Critical Authentication Bypass Vulnerability on Python (CVE-2021-29921): In Python before 3.9.5., the IP address library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
The vulnerability is considered to be critical with a CVSS rating of 9.8 as the exploitation is known to be easy and can be conducted remotely.
In Python before 3.9.5., the stdlib IP address library 3.10 and below allows unauthenticated remote attackers to conduct authentication bypass or privilege escalation attacks when access control is based on IP addresses. The vulnerability stems from improper input validation of octal strings in stdlib library 3.10 and before.
Normally, using the dotted decimal notation, if an IP address with leading zeros is used, each octet that has leading zeros should be converted and treated as an octal value, rather than being evaluated as a decimal value. For instance, the IP address
010.010.255.255 should be converted to
188.8.131.52. However, the stdlib library 3.10 and below converts this IP address to
10.10.255.255 since it treats all the octets as decimal values and strips the leading zeros.
To fix the improper input validation flaw, the IP address library has been patched to prevent ambiguous evaluation of octal and decimal values by not tolerating leading zeros in IPv4 addressing any more.
A remote attacker who successfully exploits the CVE-2021-29921 vulnerability could gain unauthorized access due to improper validation of IP addresses (if access control depends on IP addresses).
Impact Summary (CVE-2021-29921)
Category: Authentication Bypass
CVSS 3.1 Base Score: 9.8 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A good programmer is someone who always looks both ways before crossing a one-way street.Doug Linder
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
References to Advisories, Solutions and Tools
References to Other Python Vulnerabilities
- Critical RCE Vulnerability on Python (CVE-2021-3177)