Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have several security flaws and can be easily spoofed.
As a result, Office files signed this way can be altered undetectably or completely fabricated with a forged signature. And that is fundamentally contrary to the purpose of digital signatures.
Five computer researchers from Ruhr University Bochum in Germany – Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk – describe this sorry state of affairs in a paper titled: “Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures.”
The paper is scheduled to be presented at the USENIX Security Symposium in August.
OOXML first appeared in Office in 2006. It consists of a zipped package of XML files. Microsoft refers to the format simply as Open XML.
The boffins say they found discrepancies in the structure of office documents and the way signatures get verified. As a result they were able to identify five ways to attack vulnerable documents to alter their contents and forge signatures.
The researchers tested the attacks on versions of Microsoft Office on Windows and macOS, as well as on OnlyOffice Desktop for Windows, macOS, and Linux. And every single one was vulnerable.
And with Microsoft Office for macOS, document signatures simply weren’t validated at all. The researchers found they could add an empty file named sig1.xml to an OOXML package – which consists of multiple zipped files – and Office for Mac would show a security banner proclaiming that the document was protected by a signature.
“The attacks’ impact is alarming: attackers can arbitrarily manipulate the displayed content of a signed document, and victims are unable to detect the tampering,” the authors explain in their paper.
“Even worse, we present a universal signature forgery attack that allows the attacker to create an arbitrary document and apply a signature extracted from a different source, such as an ODF document or a SAML token. For the victim, the document is displayed as validly signed by a trusted entity.”
There are three issues primarily. First, OOXML uses partial signatures, so not every file gets checked. Second, the rendering flow allows unsigned content to be added to files, and third, handling cryptographic verification for digital signatures is overly complicated.
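A defender can see the partial-signature problem, and the empty sig1.xml case described earlier, by listing which parts of a package a signature actually references. The sketch below is an added example, not code from the paper or from either vendor. It assumes signature parts sit under `_xmlsignatures/` and list covered parts as `Reference` elements inside an XML-DSig `Manifest`; the function names and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"   # XML-DSig namespace
SIG_DIR = "_xmlsignatures/"  # assumed conventional location of sigN.xml parts

def audit_signature_coverage(package: bytes) -> dict:
    """List signature parts with no usable manifest and parts no signature references.
    Coverage only: digests and the signature value are NOT verified here."""
    report = {"bad_signatures": [], "unsigned_parts": []}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        covered = set()
        for sig in (n for n in names if n.startswith(SIG_DIR) and n.endswith(".xml")):
            try:
                root = ET.fromstring(zf.read(sig))
            except ET.ParseError:            # e.g. the empty sig1.xml case
                report["bad_signatures"].append(sig)
                continue
            refs = root.findall(f".//{DSIG}Manifest/{DSIG}Reference")
            if root.tag != f"{DSIG}Signature" or not refs:
                report["bad_signatures"].append(sig)
                continue
            for ref in refs:
                # Manifest URIs look like "/word/document.xml?ContentType=..."
                covered.add(ref.get("URI", "").split("?", 1)[0].lstrip("/"))
    report["unsigned_parts"] = sorted(
        n for n in names if n not in covered and not n.startswith(SIG_DIR))
    return report

# Constructed sample: a signature manifest that references only word/document.xml.
SAMPLE_SIG = (b'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
              b'<Object Id="idPackageObject"><Manifest>'
              b'<Reference URI="/word/document.xml?ContentType=application/xml"/>'
              b'</Manifest></Object></Signature>')

def build_sample(sig_body: bytes) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/styles.xml", "<styles/>")
        zf.writestr(SIG_DIR + "sig1.xml", sig_body)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_signature_coverage(build_sample(SAMPLE_SIG)))
    print(audit_signature_coverage(build_sample(b"")))
```

A non-empty `unsigned_parts` list on a document that an application reports as signed is the gap the researchers describe; a `bad_signatures` entry means the signature part cannot be validated at all.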
“We see the main problem with partial signatures,” explained Simon Rohlmann, Tandem-Professor for IT Security/Info at Mainz University of Applied Sciences and lead author of the paper while at Ruhr University Bochum, in an email to The Register. “A digital signature is supposed to protect the integrity of a document, but at the same time not all parts of the document are signed. It is a contradiction in terms.”
The team say it reported the findings to Microsoft, OnlyOffice, and to the relevant standards committee, ISO/IEC JTC 1/SC 34.
Microsoft, they claim, acknowledged the findings and awarded a bug bounty, but “has decided that the vulnerabilities don’t require immediate attention.” And the researchers say they’ve not heard from OnlyOffice since October, 2022.
Microsoft and OnlyOffice didn’t immediately respond to requests for comment.
One of the paper’s co-authors, Daniel Hirschberger, has posted proof-of-concept code for spoofing OOXML signatures.
Rohlmann said he just retested the attacks on the latest LTSC version of Microsoft Office 2021 (version 2108, build 14332.20503). “All attacks still work, which means the vulnerabilities haven’t been fixed,” he said.
When asked about Microsoft’s assessment that these issues don’t require immediate attention, Rohlmann said he disagrees.
“Digital signatures should at least achieve the information security goals of integrity and authenticity,” he said.
“By opting in the OOXML standard for partial signatures, these goals can’t be achieved. We have found several ways to modify the content of signed OOXML documents. This makes the digital signature for these documents virtually worthless. For example, an attacker could use signed documents to make attacks based on social engineering appear particularly trustworthy because the document contains a valid signature of a superior.”
Rohlmann said he couldn’t say how common signed OOXML documents may be. “Signed documents are primarily used by companies and governments, and are mostly used internally, so we don’t have any clear information on this,” he said. “However, I estimate that the distribution of signed PDF documents might be considerably higher than signed OOXML documents.”
Partial signatures, said Rohlmann, are the main problem and other file formats have addressed this, notably the OpenDocument Format (ODF).
“In earlier draft versions, the relationship files were not part of the signature calculation, just like in OOXML today,” he said.
“This has been fixed in the final ODF version 1.2. In our research, we also found problems with signed ODF versions, but these were more likely caused by basic problems with XML signatures or implementation flaws on the part of the vendors. In general, we should always avoid partial signatures in documents. Since this leads to insecure implementations, related to the signature.”