Overview
Critical Authentication Bypass Vulnerability on Python (CVE-2021-29921): In Python before 3.9.5., the IP address library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
The vulnerability is considered to be critical with a CVSS rating of 9.8 as the exploitation is known to be easy and can be conducted remotely.
Description
In Python before 3.9.5., the stdlib IP address library 3.10 and below allows unauthenticated remote attackers to conduct authentication bypass or privilege escalation attacks when access control is based on IP addresses. The vulnerability stems from improper input validation of octal strings in stdlib library 3.10 and before.
Normally, using the dotted decimal notation, if an IP address with leading zeros is used, each octet that has leading zeros should be converted and treated as an octal value, rather than being evaluated as a decimal value. For instance, the IP address 010.010.255.255 should be converted to 8.8.255.255. However, the stdlib library 3.10 and below converts this IP address to 10.10.255.255 since it treats all the octets as decimal values and strips the leading zeros.
To fix the improper input validation flaw, the IP address library has been patched to prevent ambiguous evaluation of octal and decimal values by not tolerating leading zeros in IPv4 addressing any more.
Impact
A remote attacker who successfully exploits the CVE-2021-29921 vulnerability could gain unauthorized access due to improper validation of IP addresses (if access control depends on IP addresses).
Impact Summary (CVE-2021-29921)
Category: Authentication Bypass
CVSS 3.1 Base Score: 9.8 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Solution (Update/Workaround)
To defend against possible attacks due to this critical authentication bypass vulnerability (CVE-2021-29921), Python should be updated to the most recent version or a patch can be applied.
A good programmer is someone who always looks both ways before crossing a one-way street.
Doug Linder
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
References to Advisories, Solutions and Tools
References to Other Python Vulnerabilities
- Critical RCE Vulnerability on Python (CVE-2021-3177)
To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?
