
CVE-2020-5404 : Exploit Details and Defense Strategies

Learn about CVE-2020-5404 affecting Reactor Netty HttpClient versions 0.9.x and 0.8.x. Discover the impact, affected systems, and mitigation steps for this vulnerability.

Reactor Netty HttpClient versions 0.9.x before 0.9.5 and 0.8.x before 0.8.16 may lead to a credentials leak during a redirect to a different domain if the HttpClient is explicitly configured to follow redirects.

Understanding CVE-2020-5404

This CVE involves an authentication leak vulnerability in Reactor Netty HttpClient.

What is CVE-2020-5404?

The HttpClient from Reactor Netty, specifically versions 0.9.x prior to 0.9.5 and versions 0.8.x prior to 0.8.16, can leak credentials when it follows a redirect to another domain. This happens only if the HttpClient has been explicitly configured to follow redirects.

The Impact of CVE-2020-5404

The vulnerability has a CVSS base score of 6.5 (medium severity), with a high impact on confidentiality and a low impact on integrity.

Technical Details of CVE-2020-5404

This section covers the technical aspects of the CVE.

Vulnerability Description

The vulnerability allows credentials to leak during a redirect to a different domain if the HttpClient is explicitly configured to follow redirects.

Affected Systems and Versions

Product: Reactor Netty
Vendor: Pivotal
Affected Versions:
  0.8.x versions prior to v0.8.16.RELEASE
  0.9.x versions prior to v0.9.5.RELEASE

Exploitation Mechanism

The issue arises when the HttpClient is explicitly set to follow redirects: credentials attached to the original request are carried along when the client follows a redirect, including a redirect to a different domain, which is where they leak.

Mitigation and Prevention

Protect systems from CVE-2020-5404 with the following measures:

Immediate Steps to Take

Update Reactor Netty to 0.8.16.RELEASE (for the 0.8.x line) or 0.9.5.RELEASE (for the 0.9.x line).
Disable redirect following in HttpClient configurations.
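To make the mechanism and the mitigation concrete, the following added example (written for this page, not Reactor Netty's own code) simulates a client walking a redirect chain and applies the policy a safe client should enforce: credential-bearing headers are forwarded only when the redirect target has the same origin (scheme, host, port) as the request that received the redirect. The URLs, token and response map are constructed stand-ins.

```python
from urllib.parse import urlsplit, urljoin

# Headers that carry credentials and must not follow a redirect to another origin.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), port)


def headers_for_redirect(request_url, location, headers):
    """Resolve `location` (absolute or relative) against `request_url` and
    return (target_url, headers) for the follow-up request. Credentials are
    kept only when the target origin equals the origin of the redirecting URL."""
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        return target, dict(headers)
    return target, {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow_redirects(start_url, headers, responses, max_hops=5):
    """Simulate a redirect-following client. `responses` maps a URL to
    (status, location); unknown URLs answer 200. Returns the final URL and
    the headers the client would have sent to it."""
    url, hdrs = start_url, dict(headers)
    for _ in range(max_hops):
        status, location = responses.get(url, (200, None))
        if status not in (301, 302, 303, 307, 308) or location is None:
            return url, hdrs
        url, hdrs = headers_for_redirect(url, location, hdrs)
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    # Constructed scenario: the API host redirects to a host on another domain.
    responses = {"https://api.example.com/v1/data": (302, "https://cdn.example.net/data")}
    final_url, sent = follow_redirects(
        "https://api.example.com/v1/data",
        {"Authorization": "Bearer constructed-token", "Accept": "application/json"},
        responses,
    )
    print(final_url, sent)  # Authorization is absent from the cross-domain request
```

A vulnerable client behaves as if `headers_for_redirect` always returned the full header set; the mitigation on this page (disable redirect following) removes the second hop altogether.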

Long-Term Security Practices

Regularly review and update HttpClient configurations.
Implement secure coding practices to prevent misconfigurations.

Patching and Updates

Apply patches provided by Pivotal to address the vulnerability.
