The Shortest Path to Failure: Trivial Authentication Bypass in OpenMLS
Vulnerability ID: GHSA-8X3W-QJ7J-GQHF
CVSS Score: 9.8
Published: 2026-02-04
In the world of cryptographic implementation, 'constant-time' comparison is the gold standard for preventing timing side-channel attacks. Developers bend over backward to ensure that checking a signature or MAC tag takes exactly the same amount of time, regardless of whether it is correct or not.
But in a cruel twist of irony, the developers of openmls, a Rust implementation of the Messaging Layer Security (MLS) protocol, focused so hard on the timing that they forgot the length. Because Rust's Iterator::zip stops as soon as the shorter of its two inputs is exhausted, the library's equality check would happily accept an empty byte array as a valid cryptographic tag. This allowed attackers to bypass message authentication entirely by simply providing... nothing.
TL;DR
A critical flaw in the openmls library allowed attackers to bypass cryptographic verification by providing truncated or empty authentication tags. The issue stemmed from Rust's .zip() iterator, which silently stops comparing when the shortest input is exhausted. Fixed in v0.7.2.
⚠️ Exploit Status: POC
Technical Details
- CWE: CWE-1254 (Incorrect Comparison)
- Attack Vector: Network
- CVSS: 9.8 (Critical)
- Impact: Authentication Bypass
- Language: Rust
- Fix Commit: 91ec049ffc2fa3766110223aa2aabe0303837af8
Affected Systems
- Applications using openmls < 0.7.2
- Rust-based MLS implementations
- openmls: < 0.7.2 (Fixed in: 0.7.2)
Code Analysis
Commit: 91ec049
Fix incorrect comparison logic in equal_ct
fn equal_ct(a: &[u8], b: &[u8]) -> bool {
+ if a.len() != b.len() {
+ return false;
+ }
let mut diff = 0u8;
for (l, r) in a.iter().zip(b.iter()) {
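Review bot: the early return false on a length mismatch makes the function's timing depend on the two lengths, which is only acceptable because MAC tag and signature lengths are public in MLS; a doc comment on equal_ct should say so, so that callers never pass inputs whose length is secret. The hunk ends inside the loop, so confirm the loop body still accumulates l ^ r into diff and that the final diff == 0 check remains, and consider replacing the hand-rolled loop with a dedicated constant-time equality helper such as ConstantTimeEq::ct_eq from the subtle crate.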
Mitigation Strategies
- Update openmls crate to version 0.7.2 or later.
- Implement strict length validation on all cryptographic inputs at the application boundary.
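The comparison defect from the TL;DR beside the length check from the fix, as an added example that is not openmls's own code: the vulnerable body is reconstructed from the advisory's description, and verify_tag together with the 32-byte sample tag are assumptions made here to show the application-boundary check.

```rust
/// Reconstruction of the vulnerable comparison (from the advisory's
/// description; not the project's verbatim code). `zip` yields only
/// `min(a.len(), b.len())` pairs, so when `b` is empty the loop body never
/// runs, `diff` stays 0, and the function reports equality.
pub fn equal_ct_vulnerable(a: &[u8], b: &[u8]) -> bool {
    let mut diff = 0u8;
    for (l, r) in a.iter().zip(b.iter()) {
        diff |= l ^ r;
    }
    diff == 0
}

/// Fixed form following the upstream patch: reject a length mismatch up
/// front, then compare every byte without branching on the data.
/// Lengths of MAC tags and signatures are public, so the early return does
/// not leak a secret.
pub fn equal_ct_fixed(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff = 0u8;
    for (l, r) in a.iter().zip(b.iter()) {
        diff |= l ^ r;
    }
    // black_box discourages the optimiser from rewriting the accumulate as an early exit.
    std::hint::black_box(diff) == 0
}

/// Application-boundary check from the mitigation list (hypothetical helper):
/// enforce the expected tag length before the constant-time comparison runs.
pub fn verify_tag(expected: &[u8], received: &[u8], tag_len: usize) -> bool {
    expected.len() == tag_len && received.len() == tag_len && equal_ct_fixed(expected, received)
}

fn main() {
    // Constructed sample tag; a real tag would come from the MAC or signature.
    let tag = [0xA5u8; 32];
    let attempts: [&[u8]; 3] = [&[], &tag[..4], &tag];
    for t in attempts.iter() {
        println!(
            "len {:>2}: vulnerable={} fixed={} boundary={}",
            t.len(),
            equal_ct_vulnerable(&tag, t),
            equal_ct_fixed(&tag, t),
            verify_tag(&tag, t, 32)
        );
    }
}
```

The empty and 4-byte truncated inputs are accepted by the vulnerable form and rejected by both the fixed comparison and the boundary check.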
Remediation Steps:
- Run cargo audit to confirm vulnerability presence.
- Update Cargo.toml dependencies.
- Run cargo update.
- Re-run tests to ensure the new version is compatible.