Out-of-bounds read In openssl-encrypt

Description

openssl-encrypt accepts refresh tokens as URL query parameters, causing token leakage

Summary

Refresh tokens are accepted as URL query parameters in the keyserver and telemetry server routes.

Affected Code

# openssl_encrypt_server/modules/telemetry/routes.py:90-91
from fastapi import Query, Request

# Vulnerable form: the refresh token is read from the URL query string,
# so it ends up in every place the request line is recorded.
async def refresh_token(
    request: Request,
    refresh_token: str = Query(..., description="Refresh token")
):
    ...

Impact

Tokens in URL query parameters are exposed in:

    Server access logs

    Proxy/CDN logs

    Browser history

    HTTP Referer headers

    Network monitoring tools

This creates significant token leakage risk.

Recommended Fix

    Accept refresh tokens in the request body (POST) instead of query parameters

    Use Body(...) instead of Query(...)

Fix

Fixed in commit 4b2adb0 on branch releases/1.4.x — moved refresh token from Query parameter to POST body via RefreshRequest Pydantic model.
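The following is an added example (not code from openssl-encrypt) for the defender side of the Impact and Recommended Fix sections above: it scans constructed access-log lines for refresh tokens carried in query strings, which is how unmigrated clients still hitting the old Query form show up after the fix, and redacts such values before a request line is logged. The route path /telemetry/refresh-token, the log format and the parameter names other than refresh_token are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# refresh_token is the parameter named in the advisory; the others are
# assumed companions that would carry the same risk in a query string.
SENSITIVE_PARAMS = {"refresh_token", "access_token", "token"}

# Combined log format: <ip> - - [<time>] "<method> <target> <proto>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) (?P<size>\S+)'
)

def find_token_leaks(lines):
    """Return (ip, method, path, param) for every logged request whose
    query string carries a sensitive parameter."""
    leaks = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, _ in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() in SENSITIVE_PARAMS:
                leaks.append((m.group("ip"), m.group("method"), parts.path, name))
    return leaks

def redact_target(target):
    """Replace sensitive query values with REDACTED before the request
    line is written to a log, proxy trace or monitoring pipeline."""
    parts = urlsplit(target)
    if not parts.query:
        return target
    redacted = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
                for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(redacted)))

# Constructed sample log lines; the token value and addresses are fake.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /telemetry/refresh-token?refresh_token=eyJhbGciOi.FAKE.TOKEN HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:12:00:01 +0000] "POST /telemetry/refresh-token HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:12:00:02 +0000] "GET /keyserver/keys?fingerprint=ABCD HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for leak in find_token_leaks(SAMPLE_LOG):
        print("token in query string:", leak)
    print(redact_target("/telemetry/refresh-token?refresh_token=secret&client=cli"))
```

The POST line in the sample is what traffic looks like after the fix: the token sits in the body, so the request line carries nothing to redact.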

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
