클라이언트가 Decryption Oracle로 사용될 수 있는 취약점 수정

2026-02-04 16:16:55 +00:00 · 2025-07-04 23:26:58 +09:00
parent 13bac59824
commit c9331ae5b7
12 changed files with 58 additions and 38 deletions
--- a/src/lib/services/auth.ts
+++ b/src/lib/services/auth.ts
@@ -18,12 +18,12 @@ export const requestSessionUpgrade = async (
  });
  if (!res.ok) return false;

-  const { challenge }: SessionUpgradeResponse = await res.json();
+  const { id, challenge }: SessionUpgradeResponse = await res.json();
  const answer = await decryptChallenge(challenge, decryptKey);
  const answerSig = await signMessageRSA(answer, signKey);

  res = await callPostApi<SessionUpgradeVerifyRequest>("/api/auth/upgradeSession/verify", {
-    answer: encodeToBase64(answer),
+    id,
    answerSig: encodeToBase64(answerSig),
  });
  return res.ok;
--- a/src/lib/services/key.ts
+++ b/src/lib/services/key.ts
@@ -27,12 +27,12 @@ export const requestClientRegistration = async (
  });
  if (!res.ok) return false;

-  const { challenge }: ClientRegisterResponse = await res.json();
+  const { id, challenge }: ClientRegisterResponse = await res.json();
  const answer = await decryptChallenge(challenge, decryptKey);
  const answerSig = await signMessageRSA(answer, signKey);

  res = await callPostApi<ClientRegisterVerifyRequest>("/api/client/register/verify", {
-    answer: encodeToBase64(answer),
+    id,
    answerSig: encodeToBase64(answerSig),
  });
  return res.ok;