CVE-2021-43568
📋 TL;DR
This vulnerability allows attackers to forge digital signatures on arbitrary messages due to missing non-zero validation in the Stark Bank ECDSA library's verify function. Any application using the affected library for cryptographic signature verification is vulnerable, potentially compromising authentication, authorization, and data integrity mechanisms.
💻 Affected Systems
- Stark Bank ECDSA Elixir library (ecdsa-elixir)
📦 What is this software?
Elixir Ecdsa by Starkbank
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of cryptographic authentication systems allowing attackers to impersonate any user, authorize fraudulent transactions, or tamper with signed data without detection.
Likely Case
Authentication bypass and data integrity violations in applications relying on ECDSA signatures for security controls.
If Mitigated
Limited impact if additional security layers exist, but cryptographic verification remains fundamentally broken.
🎯 Exploit Status
Technical advisory includes proof-of-concept details. Exploitation requires only the ability to submit forged signatures to vulnerable verification endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.1
Vendor Advisory: https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1
Restart Required: No
Instructions:
1. Update dependency in mix.exs to 'ecdsa-elixir' version '~> 1.0.1'. 2. Run 'mix deps.update ecdsa-elixir'. 3. Recompile and redeploy application.
🔧 Temporary Workarounds
Manual signature validation
allAdd custom validation to check that signature components (r, s) are non-zero before calling the verify function.
# In Elixir code, add: if signature.r != 0 and signature.s != 0, do: ECDSA.verify(message, signature, public_key)
🧯 If You Can't Patch
- Implement additional authentication layers (multi-factor, IP whitelisting) for signature-dependent operations.
- Monitor for anomalous signature verification patterns and implement rate limiting on verification endpoints.
🔍 How to Verify
Check if Vulnerable:
Check mix.lock or mix.exs for 'ecdsa-elixir' version 1.0.0. If present and the verify function is used without non-zero checks, the system is vulnerable.Check Version:
mix deps | grep ecdsa-elixirVerify Fix Applied:
Confirm version 1.0.1 is installed via 'mix deps | grep ecdsa-elixir' and test signature verification with zero-value signatures (should reject).📡 Detection & Monitoring
Log Indicators:
- Failed signature verifications with zero-value signature components
- Successful verifications from unexpected sources
Network Indicators:
- Unusual patterns of signature verification requests
- High volume of verification attempts
SIEM Query:
source="application_logs" AND (signature_verification="success" AND (signature_r="0" OR signature_s="0"))🔗 References
- https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1
- https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
- https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1
- https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
