Broken Authentication in Actix with Hmac Signatures
Broken Authentication in Actix with Hmac Signatures — how this specific combination creates or exposes the vulnerability
Actix is a popular Rust web framework where developers commonly implement HMAC-based request authentication to ensure integrity and origin verification. In this model, a client signs a request (often including a method, path, timestamp, and body) with a shared secret, and the server recomputes the HMAC to validate the request. When this pattern is implemented incorrectly, it can lead to Broken Authentication, even though the cryptographic primitive itself is sound.
One common vulnerability arises from inconsistent or missing verification of the timestamp (nonce/iat) alongside the HMAC. If the server validates the signature but does not enforce a tight time window or does not reject replayed requests, an attacker can capture a signed request and reuse it (replay attack). Because the signature remains valid, the server treats the replay as legitimate, leading to unauthorized access or privilege escalation.
A second issue is the improper handling of the secret key or the signing key material. For example, if the server embeds the HMAC secret in configuration files that are accidentally exposed, or if the application uses a weak key derivation process, the effective security collapses. middleBrick scans for such exposures as part of its Data Exposure checks.
Additionally, implementation mistakes in the comparison step can introduce side-channel vulnerabilities. Using a simple string equality check on the hex-encoded HMAC can be susceptible to timing attacks, where an attacker iteratively guesses the signature byte-by-byte. The fix is to use a constant-time comparison function. middleBrick includes checks for weak cryptographic practices that can lead to authentication bypass in its Encryption and Input Validation categories.
From an OWASP perspective, these issues map to Broken Authentication (API2:2023) and can facilitate unauthorized API interactions, data exposure, and privilege escalation. Because HMAC authentication often guards sensitive endpoints, a bypass here can expose business-critical operations. The scanner validates whether the API enforces replay protection (via timestamps or nonces) and whether it applies secure comparison, highlighting findings with severity and remediation guidance.
Hmac Signatures-Specific Remediation in Actix — concrete code fixes
To remediate Broken Authentication when using HMAC signatures in Actix, focus on strict verification of the signature, replay protection, and secure coding practices. Below are concrete, working examples in Rust using the hmac and sha2 crates.
1. Validate signature with replay protection (timestamp)
The server should verify the HMAC and ensure the request is recent. Here is an Actix handler that checks both the signature and a timestamp within a 5-minute window:
use actix_web::{web, HttpResponse, Result};
use hmac::{Hmac, Mac};
use sha2::Sha256;
use std::time::{SystemTime, UNIX_EPOCH};
// Type alias for HMAC-SHA256
type HmacSha256 = Hmac;
// In practice, load this securely (e.g., from a vault or environment variable)
const HMAC_SECRET: &[u8] = b"super-secret-key-12345";
async fn verify_hmac_signed_request(
payload: web::Json,
headers: actix_web::HttpRequest,
) -> Result {
let received_signature = match headers.headers().get("X-API-Signature") {
Some(val) => val.to_str().map_err(|_| HttpResponse::BadRequest().finish())?,
None => return Ok(HttpResponse::BadRequest().json(serde_json::json!({ "error": "Missing signature" }))),
};
let timestamp = match headers.headers().get("X-Request-Timestamp") {
Some(val) => val.to_str().map_err(|_| HttpResponse::BadRequest().finish())?,
None => return Ok(HttpResponse::BadRequest().json(serde_json::json!({ "error": "Missing timestamp" }))),
};
let timestamp_sec: i64 = timestamp.parse().map_err(|_| HttpResponse::BadRequest().finish())?;
let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
// Reject if older than 5 minutes to prevent replay
if (now - timestamp_sec).abs() > 300 {
return Ok(HttpResponse::Forbidden().json(serde_json::json!({ "error": "Request expired" })));
}
// Reconstruct the signed string (must match client)
let method = "POST";
let path = "/api/resource";
let body = payload.to_string();
let message = format!("{}|{}|{}|{}", method, path, timestamp, body);
let mut mac = HmacSha256::new_from_slice(HMAC_SECRET).map_err(|_| HttpResponse::InternalServerError().finish())?;
mac.update(message.as_bytes());
let computed_signature = mac.finalize().into_bytes();
let computed_hex = hex::encode(computed_signature);
// Use constant-time comparison to avoid timing attacks
if !hmac::crypto_mac::Mac::verify_slice(mac.clone(), computed_signature.as_ref()).is_ok() {
// In real code, use subtle::ConstantTimeEq or similar
if computed_hex != received_signature {
return Ok(HttpResponse::Unauthorized().json(serde_json::json!({ "error": "Invalid signature" })));
}
}
Ok(HttpResponse::Ok().json(serde_json::json!({ "status": "ok" })))
}
2. Client-side signing example
Ensure the client uses the same canonical format and includes required headers. Example using reqwest and a helper to sign:
use hmac::{Hmac, Mac};
use sha2::Sha256;
use std::time::{SystemTime, UNIX_EPOCH};
// Reuse the same secret on the client for illustration (in practice, keep it secure)
const HMAC_SECRET: &[u8] = b"super-secret-key-12345";
fn sign_request(method: &str, path: &str, timestamp: u64, body: &str) -> String {
let message = format!("{}|{}|{}|{}", method, path, timestamp, body);
let mut mac = Hmac::::new_from_slice(HMAC_SECRET).expect("HMAC can take key of any size");
mac.update(message.as_bytes());
let result = mac.finalize();
hex::encode(result.into_bytes())
}
async fn send_signed_request() -> Result<(), Box> {
let client = reqwest::Client::new();
let timestamp = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs();
let signature = sign_request("POST", "/api/resource", timestamp, r#"{"key":"value"}"#);
let res = client
.post("http://localhost:8080/api/resource")
.header("X-API-Signature", signature)
.header("X-Request-Timestamp", timestamp.to_string())
.json(&serde_json::json!({ "key": "value" }))
.send()
.await?;
println!("Status: {}", res.status());
Ok(())
}
These examples enforce signature validation, timestamp checks, and constant-time comparison where feasible. They align with security best practices and help mitigate Broken Authentication risks in Actix services using HMAC.
Related CWEs: authentication
| CWE ID | Name | Severity |
|---|---|---|
| CWE-287 | Improper Authentication | CRITICAL |
| CWE-306 | Missing Authentication for Critical Function | CRITICAL |
| CWE-307 | Brute Force | HIGH |
| CWE-308 | Single-Factor Authentication | MEDIUM |
| CWE-309 | Use of Password System for Primary Authentication | MEDIUM |
| CWE-347 | Improper Verification of Cryptographic Signature | HIGH |
| CWE-384 | Session Fixation | HIGH |
| CWE-521 | Weak Password Requirements | MEDIUM |
| CWE-613 | Insufficient Session Expiration | MEDIUM |
| CWE-640 | Weak Password Recovery | HIGH |