Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.7
Mojic: Malicious File Decryption via Timing Attack
GHSA-wqq3-wfmp-v85g
Summary
A vulnerability in Mojic version 2.1.3 allows a malicious actor to bypass file integrity checks by measuring the time it takes for the decryption process to fail. This could potentially allow an attacker to decrypt files without the correct password. To fix this, update to a version of Mojic that uses a secure timing-safe comparison method or replace the vulnerable code with a constant-time comparison function.
What to do
- Update notamitgamer mojic to version 2.1.4.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| npm | notamitgamer | mojic |
<= 2.1.3 Fix: upgrade to 2.1.4
|
Original title
Mojic: Observable Timing Discrepancy in HMAC Verification
Original description
### Summary
The `CipherEngine` in Mojic v2.1.3 uses a standard equality operator (`!==`) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy (CWE-208), allowing a potential attacker to bypass the file integrity check via a timing attack.
### Details
In `lib/CipherEngine.js`, the footer check validates the HMAC signature using a standard string comparison:
`if (footerHex !== calcDigest) { ... }`
Standard string comparisons in JavaScript short-circuit; they return `false` the moment a character mismatch occurs. Because the time taken to evaluate the comparison is proportional to the number of matching leading bytes, an attacker can measure the exact microseconds it takes for the engine to throw the `FILE_TAMPERED` error. By repeatedly altering the signature byte-by-byte and analyzing these minute timing differences, a malicious actor can theoretically forge a valid HMAC signature without possessing the decryption password.
### PoC
The vulnerable implementation is located in `lib/CipherEngine.js`, within the `getDecryptStream()` flush method (approximately line 265):
```javascript
// Vulnerable Code
if (footerHex !== calcDigest) {
this.emit('error', new Error("FILE_TAMPERED"));
return;
}
```
### Recommended Remediation:
Replace the standard equality operator with Node.js's built-in constant-time comparison utility, crypto.timingSafeEqual().
```JavaScript
// Remediated Code
const footerBuffer = Buffer.from(footerHex, 'hex');
const calcBuffer = Buffer.from(calcDigest, 'hex');
if (footerBuffer.length !== calcBuffer.length || !crypto.timingSafeEqual(footerBuffer, calcBuffer)) {
this.emit('error', new Error("FILE_TAMPERED"));
return;
}
```
### Impact
If successfully exploited, an attacker could tamper with the encrypted .mojic payload and forge a valid HMAC signature. This bypasses the integrity seal, tricking the decryption engine into processing maliciously injected emoji streams. Because the engine translates these emojis back into C keywords and raw data chunks, this could ultimately result in arbitrary Code Injection into the restored .c source code when an unsuspecting user decrypts the tampered file.
The `CipherEngine` in Mojic v2.1.3 uses a standard equality operator (`!==`) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy (CWE-208), allowing a potential attacker to bypass the file integrity check via a timing attack.
### Details
In `lib/CipherEngine.js`, the footer check validates the HMAC signature using a standard string comparison:
`if (footerHex !== calcDigest) { ... }`
Standard string comparisons in JavaScript short-circuit; they return `false` the moment a character mismatch occurs. Because the time taken to evaluate the comparison is proportional to the number of matching leading bytes, an attacker can measure the exact microseconds it takes for the engine to throw the `FILE_TAMPERED` error. By repeatedly altering the signature byte-by-byte and analyzing these minute timing differences, a malicious actor can theoretically forge a valid HMAC signature without possessing the decryption password.
### PoC
The vulnerable implementation is located in `lib/CipherEngine.js`, within the `getDecryptStream()` flush method (approximately line 265):
```javascript
// Vulnerable Code
if (footerHex !== calcDigest) {
this.emit('error', new Error("FILE_TAMPERED"));
return;
}
```
### Recommended Remediation:
Replace the standard equality operator with Node.js's built-in constant-time comparison utility, crypto.timingSafeEqual().
```JavaScript
// Remediated Code
const footerBuffer = Buffer.from(footerHex, 'hex');
const calcBuffer = Buffer.from(calcDigest, 'hex');
if (footerBuffer.length !== calcBuffer.length || !crypto.timingSafeEqual(footerBuffer, calcBuffer)) {
this.emit('error', new Error("FILE_TAMPERED"));
return;
}
```
### Impact
If successfully exploited, an attacker could tamper with the encrypted .mojic payload and forge a valid HMAC signature. This bypasses the integrity seal, tricking the decryption engine into processing maliciously injected emoji streams. Because the engine translates these emojis back into C keywords and raw data chunks, this could ultimately result in arbitrary Code Injection into the restored .c source code when an unsuspecting user decrypts the tampered file.
ghsa CVSS3.1
4.7
Vulnerability type
CWE-208
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026