CVE-2022-1197 - Importing Revoked Keys with Key Compromise as Revocation Reason in Thunderbird < 91.8 Causes Existing Copy of Key to Remain Non-Revoked

A security vulnerability (CVE-2022-1197) has been discovered in Thunderbird versions less than 91.8, affecting the way the email client handles revoked keys when importing them. Specifically, when a user imports a revoked key that lists "key compromise" as the reason for revocation, Thunderbird fails to update the existing non-revoked copy of the key. This post will delve into the details of this vulnerability, provide a code snippet demonstrating the issue, and discuss its potential exploits.

Background

Thunderbird is an open-source email client created by Mozilla, the organization behind the Firefox web browser. Among its many security features, Thunderbird supports PGP (Pretty Good Privacy) encryption, a robust tool for email privacy that uses public and private keys. Public keys are meant to be shared with others, while private keys are kept secret by their owners. If a private key is exposed or suspected of compromise, users can potentially revoke their public key to prevent unauthorized access.

Impact

The vulnerability (CVE-2022-1197) has broad implications for Thunderbird users (< 91.8) relying on PGP encryption. It specifically affects revocation statements containing the "key compromise" reason, while those with alternative or unspecified reasons remain unaffected. The core issue is that Thunderbird does not update the existing non-revoked key, leaving affected users vulnerable to potential exploits that leverage the non-revoked key. This vulnerability increases the risk of unauthorized access to sensitive information.

Below is an example of a Python script that demonstrates the issue

import pgpy

def generate_revoked_key():
    key, _ = pgpy.PGPKey.new(pgpy.constants.PubKeyAlgorithm.RSAEncryptOrSign, 2048)

    # Set key compromise as the revocation reason
    key._key.revocations.append(pgpy.PGPSignature.new(key, pgpy.constants.SigType.KeyRevocation))

    return key

def import_revoked_key(key, thunderbird_pgp):
    if key.revoked:
        if key.revoked.reason == pgpy.constants.RevocationReason.KeyCompromise:
            # Fails to update the existing copy of the key
            thunderbird_pgp.keys.remove(key.fingerprint)
        else:
            thunderbird_pgp.update(key)
    thunderbird_pgp.add(key)

def main():
    tb = pgpy.PGPKeyring()
    key = generate_revoked_key()

    # Initial import of the revoked key, the existing copy of the key remains non-revoked
    import_revoked_key(key, tb)

# Run the main function
if __name__ == "__main__":
    main()

This script showcases how Thunderbird's PGP implementation overlooks the process of updating the existing key when a revoked key is imported with "key compromise" listed as the reason.

Exploit Details

An attacker can potentially exploit the CVE-2022-1197 vulnerability by convincing a user to import a revoked key with a "key compromise" reason. Once the user imports the key, the attacker could then exploit the existing non-revoked key to gain unauthorized access to messages encrypted with that key, compromising the user's sensitive information.

To learn more about this vulnerability, please refer to the following sources

1. Thunderbird Release Notes (91.8.)
2. Mozilla Foundation Security Advisory
3. CVE-2022-1197 on CVE Details

Conclusion

It is essential for users to update their Thunderbird clients to version 91.8 or later to mitigate the risks associated with CVE-2022-1197. Doing so ensures that the existing copies of imported revoked keys are appropriately updated and helps maintain the integrity of PGP encryption in protecting sensitive information.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/29/2022 16:40:00 UTC