-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-022
Product: Adyen HPP API
Vendor: Adyen
Affected Version(s): HPP API with SHA-1
Tested Version(s): HPP API with SHA-1
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2015-04-16
Solution Date: 2015-07-03
Public Disclosure: 2016-05-02
CVE Reference: Not assigned
Author of Advisory: Franz G. Jahn, SySS GmbH, https://www.syss.de/advisories/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Adyen provides a payment service which can be used by various shop
systems such as Magento, Demandware or Prestashop. With a hosted payment
page (HPP), the customer is redirected to a payment page operated by
Adyen during the checkout process and is afterwards redirected back to
the shop. The redirect URL contains several parameters which indicate the
status of the payment, as well as a signature which the shop can use to
validate the submitted parameters.

Because the signatures used are not suitable for authenticating the
payment result, the API allows the payment process to be bypassed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

Depending on the payment type used, up to four different signatures are
involved in the payment process. Three of them are generated by the shop
system and submitted to the Adyen payment page; the fourth is generated
by Adyen and submitted to the shop system as the parameter merchantSig,
which authenticates the other parameters indicating the status of the
payment. All four signatures are generated in the same way, using a
shared secret known to both the shop system and the hosted payment page.
The way the signatures are built is described in the API manual [1].
Furthermore, Adyen provides several example implementations [2,3,4]
which demonstrate the interaction between the shops and the payment
platform.
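The following Python example is added by the editor and is not part of
the original advisory, nor is it Adyen's or SySS's code. It contrasts the
two constructions the advisory refers to: an HMAC-SHA1 over parameter
values concatenated in a fixed order with no delimiters and no parameter
names (a simplified field list is assumed here; the exact lists are in
the API manual [1]), and the SHA-256 setup that replaced it (reference
[5], reconstructed from its published description: escape '\' and ':',
sort by key, join all keys and then all values with ':', HMAC-SHA256 with
the hex-decoded key, Base64). The key, PSP reference and other parameter
values are constructed. The advisory does not publish the exact bypass;
the example demonstrates only a generic weakness of the undelimited,
name-free construction, namely that two different parameter sets can
share one signing string and therefore one signature, and shows how the
new scheme binds both names and field boundaries into the MAC.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed demo secret (hex, as the SHA-256 HPP setup expects); not a real skin key.
DEMO_HMAC_KEY_HEX = "4c0fe4b7b7dec7d1d4ee9ea6d0f6cb1f1ab4d5b8e0d1c2a3b4c5d6e7f8091a2b"

# Old style: the result-URL signature is an HMAC-SHA1 over the parameter *values*,
# concatenated in a fixed order with no delimiters and no parameter names.
# Simplified field list for illustration (assumption); see the HPP API manual [1].
RESULT_FIELDS_SHA1 = ("authResult", "pspReference", "merchantReference",
                      "skinCode", "merchantReturnData")


def signing_string_sha1(params):
    """Values only, in fixed order, glued together without separators."""
    return "".join(params.get(k, "") for k in RESULT_FIELDS_SHA1)


def sign_sha1(params, secret):
    mac = hmac.new(secret.encode(), signing_string_sha1(params).encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


# New style (SHA-256 setup, reference [5], reconstructed here): escape '\' and ':',
# sort by key, join all keys with ':' followed by all values with ':', so the
# parameter names and the field boundaries are both covered by the MAC.
def _escape(value):
    return value.replace("\\", "\\\\").replace(":", "\\:")


def signing_string_sha256(params):
    # merchantSig itself and "ignore."-prefixed parameters are not signed.
    items = sorted((k, v) for k, v in params.items()
                   if k != "merchantSig" and not k.startswith("ignore."))
    keys = ":".join(_escape(k) for k, _ in items)
    values = ":".join(_escape(v) for _, v in items)
    return keys + ":" + values


def sign_sha256(params, hmac_key_hex):
    key = binascii.unhexlify(hmac_key_hex)
    mac = hmac.new(key, signing_string_sha256(params).encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def verify_sha256(params, hmac_key_hex):
    """Shop-side check of merchantSig on the result URL, constant-time compare."""
    expected = sign_sha256(params, hmac_key_hex)
    return hmac.compare_digest(expected, params.get("merchantSig", ""))


# Constructed result-URL parameter sets. RESULT_B differs from RESULT_A only in
# where the boundary between authResult and pspReference falls.
RESULT_A = {"authResult": "AUTHORISED", "pspReference": "1234567890123456",
            "merchantReference": "ORDER-0001", "skinCode": "DEMOSKIN",
            "merchantReturnData": ""}
RESULT_B = dict(RESULT_A, authResult="AUTHORISED1", pspReference="234567890123456")


def boundary_ambiguity_sha1(secret="demo-shared-secret"):
    """True if the two distinct parameter sets carry the same SHA-1 style signature."""
    return sign_sha1(RESULT_A, secret) == sign_sha1(RESULT_B, secret)


def boundary_ambiguity_sha256(hmac_key_hex=DEMO_HMAC_KEY_HEX):
    """True if the SHA-256 scheme also fails to tell them apart (it does not)."""
    return sign_sha256(RESULT_A, hmac_key_hex) == sign_sha256(RESULT_B, hmac_key_hex)


def verify_demo(hmac_key_hex=DEMO_HMAC_KEY_HEX):
    """(genuine_ok, tampered_ok): a REFUSED result signed with the key, then the
    authResult flipped to AUTHORISED by someone without the key."""
    refused = dict(RESULT_A, authResult="REFUSED")
    signed = dict(refused, merchantSig=sign_sha256(refused, hmac_key_hex))
    tampered = dict(signed, authResult="AUTHORISED")
    return verify_sha256(signed, hmac_key_hex), verify_sha256(tampered, hmac_key_hex)


if __name__ == "__main__":
    print("SHA-1 signing string A  :", signing_string_sha1(RESULT_A))
    print("SHA-1 signing string B  :", signing_string_sha1(RESULT_B))
    print("SHA-1 signatures collide:", boundary_ambiguity_sha1())
    print("SHA-256 signing string A:", signing_string_sha256(RESULT_A))
    print("SHA-256 signing string B:", signing_string_sha256(RESULT_B))
    print("SHA-256 signatures collide:", boundary_ambiguity_sha256())
    print("verify (genuine, tampered):", verify_demo())
```

Running the block prints identical SHA-1 signing strings for the two
parameter sets and distinct SHA-256 ones. The takeaway for a verifier is
that an HMAC is only as meaningful as the canonical string it covers: if
that string drops parameter names and boundaries, the MAC cannot tell the
shop which fields, or which message, it is vouching for.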
However, the way the signatures are built contains a flaw which can be
abused to skip the whole payment process.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Use the new HMAC payment setup (SHA-256) [5].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2015-04-09: Vulnerability discovered
2015-04-16: Vulnerability reported to vendor
2015-04-28: Vulnerability confirmed by vendor
2015-07-03: Vendor provides an alternative HMAC payment setup and
            deprecates the old SHA-1 based HMAC
2016-04-21: Vendor releases updated Magento plugin which uses the new
            payment setup
2016-05-02: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Adyen, HPP API Manual
    https://www.adyen.com/dam/jcr:d00b49c2-1ad9-4617-a6ed-0013ce7670ce/HPP%20API%20Manual.pdf
[2] Adyen, PHP Example Implementation
    https://github.com/Adyen/php/
[3] Adyen, ASP Example Implementation
    https://github.com/Adyen/asp
[4] Adyen, Java Example Implementation
    https://github.com/Adyen/java
[5] Adyen, New SHA-256 based HMAC payment setup
    https://docs.adyen.com/developers/hpp-manual#hmacpaymentsetupsha256
[6] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

Security vulnerability found by Franz G. Jahn of SySS GmbH.

E-Mail: franz.jahn@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Franz_Jahn.asc
Key ID: 0xD06A14DE
Key Fingerprint: 2D26 E435 DF7F 572D A0C9 1DE8 D5A6 1496 D06A 14DE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible.
The latest version of this security advisory is available on the SySS
Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXH4ZnAAoJENWmFJbQahTe+vwP/iBiofWPLI8xibfOpyv0oYA8
HrQNLgdFQMv/mf+Bhmsin/VnPYUrhB4dvsYuYDeQcRaZJATXbf5glQaXfFxKif4K
Cxu1vQW1P8QbOmLc2o3iLhqwZKcPYeR/2xh+Wrn/8m5K5l91+HGt0KmHxPe5Sl4h
I5CXxCL9O0os6jdVN2YepvgHE0hXEMMiPq4Qi86hKnGVIQe59mtGKoGxgJCHCvZp
fE1zJfgkr2+kug/woXs7ynSBKwZAL46++qLziQ2YdtWhtfzdKBbp4V4lLySbtYCI
wg3DUKWH8XuxtamPykvwn0NYubuAqpCboicwgFpBmRtyj4Fiqig3b8qemHytN+Pe
syZVUGlK01IBqsHIqAEuTvU5mfmtfdptWrTzWiSogyVlw8JA/xD3KVEzwlw5CPNn
SWYJWuN4lC/gkQZu0nwlLub7gvAqHGm/eEcNt+UzAHhQq6MdhZqSh+YO6RlD08zp
lqSkb05+gIQ3HzPEiSKjEf7j4XK+Cv7VmhGDve5Qs9ehNKD61TFaJou8lbAVl8kL
5vVybk8ARv4xX06Y4UNl6mryH8A5OqtpLg92VOv4Ji0YcTAn/zH73t/UBfnDZk/X
JP6IhbDScmAnCT12D7fCrwoWHz1bhT5O06TOoviXIRNtuW3G8/SFMVKjQ4xcVjc1
9uYFkOyWoffoEG+Jd3aw
=bCA3
-----END PGP SIGNATURE-----