Source: security-advisories@github.com
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer` with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owner's account. Version 0.22.0 fixes the issue.
RAGFlow, an open-source Retrieval-Augmented Generation engine, is vulnerable to a critical flaw where an attacker can derive a user's API key from a shared assistant/agent URL. This allows for complete account takeover, granting unauthorized access and control over the victim's RAGFlow instance and potentially sensitive data. The vulnerability stems from the insecure generation of API keys and share tokens, making them mutually derivable.
Step 1: Obtain Share Token: The attacker obtains a valid assistant/agent share token. This could be achieved through various means, such as phishing, social engineering, or by exploiting another vulnerability that leaks the share token.
Step 2: Identify Token Generation Method: The attacker analyzes the share token to determine the method used for its generation. Based on the vulnerability description, they identify that `URLSafeTimedSerializer` is used.
Step 3: Reverse Engineer API Key: Using the knowledge of the URLSafeTimedSerializer and the share token, the attacker attempts to reverse engineer the API key. This may involve brute-forcing, dictionary attacks, or analyzing the token's structure to identify patterns and predictable inputs.
Step 4: API Key Derivation: Due to the predictable inputs used in the token generation, the attacker successfully derives the API key.
Step 5: Account Takeover: The attacker uses the derived API key to authenticate to the RAGFlow instance, gaining full control over the victim's account, including access to their data, configurations, and the ability to modify or delete resources.
The vulnerability lies within RAGFlow's token generation process. The `URLSafeTimedSerializer` is used to create both API keys and assistant/agent share tokens. The flaw is that the serializer uses predictable inputs for both token types, specifically the same secret key and potentially similar timestamps or other easily guessable parameters. This allows an attacker who obtains a share token (e.g., from a phishing attack or social engineering) to reverse engineer the API key. The root cause is the lack of proper entropy and unique input parameters during the token generation process, leading to a predictable and easily exploitable relationship between the two token types. The use of a shared secret key for both token types is a critical design flaw. The predictable nature of the inputs to the serializer, combined with the shared secret, allows for the derivation of the API key from the share token.
No specific APT groups or malware families are directly linked to this vulnerability at this time. However, the potential for account takeover makes it attractive to various threat actors. The vulnerability could be leveraged for data exfiltration, service disruption, or further compromise of the victim's infrastructure. CISA KEV status: Not Applicable (as of this report).
Monitor RAGFlow server logs for unusual API key usage, especially from unexpected IP addresses or user agents.
Analyze network traffic for suspicious API calls to the RAGFlow instance, looking for patterns indicative of unauthorized access.
Implement intrusion detection rules to flag attempts to access sensitive resources using potentially compromised API keys.
Monitor for the creation of new users or modifications to existing user accounts within RAGFlow.
Review authentication logs for failed login attempts followed by successful logins using a derived API key.
Upgrade to RAGFlow version 0.22.0 or later.
If upgrading is not immediately possible, review the token generation code and implement a more secure method for generating API keys and share tokens. This should include the use of strong, randomly generated secrets and unique inputs for each token type.
Implement multi-factor authentication (MFA) for all user accounts to mitigate the impact of a compromised API key.
Regularly rotate API keys and share tokens.
Review and restrict the permissions assigned to API keys to minimize the potential damage from a compromised key.
Implement robust logging and monitoring to detect and respond to suspicious activity.
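The advice above on strong random secrets, unique inputs per token type, and rotation can be made concrete as follows. This is an added example, not RAGFlow's code or its 0.22.0 fix; the `TokenStore` class, the `ak_`/`st_` prefixes and the purpose labels are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical purpose labels and prefixes; not RAGFlow's real token format.
PREFIXES = {"api_key": "ak_", "share": "st_"}


class TokenStore:
    """Issues independent random tokens and keeps only purpose-bound digests."""

    def __init__(self):
        self._digests = {}  # (owner, purpose) -> hex digest of the live token

    @staticmethod
    def _digest(purpose, token):
        # Binding the purpose into the digest means a token of one type
        # can never verify as the other type.
        return hashlib.sha256(f"{purpose}:{token}".encode()).hexdigest()

    def issue(self, owner, purpose):
        """Create (or rotate) the owner's token for one purpose."""
        if purpose not in PREFIXES:
            raise ValueError(f"unknown purpose: {purpose}")
        # Fresh 256 bits from the OS CSPRNG per token: no shared serializer,
        # no timestamp or user id as input, so nothing links the two tokens.
        token = PREFIXES[purpose] + secrets.token_urlsafe(32)
        self._digests[(owner, purpose)] = self._digest(purpose, token)
        return token  # shown to the user once; only the digest is stored

    def verify(self, owner, purpose, presented):
        """Return True only if `presented` is the owner's live token for `purpose`."""
        stored = self._digests.get((owner, purpose))
        if stored is None or not isinstance(presented, str):
            return False
        # Constant-time comparison of the two hex digests.
        return hmac.compare_digest(stored, self._digest(purpose, presented))


if __name__ == "__main__":
    store = TokenStore()
    api_key = store.issue("alice", "api_key")  # "alice" is a constructed sample owner
    share = store.issue("alice", "share")
    print("API key accepted as API key:", store.verify("alice", "api_key", api_key))
    print("share token accepted as API key:", store.verify("alice", "api_key", share))
    store.issue("alice", "api_key")  # rotation replaces the stored digest
    print("old API key after rotation:", store.verify("alice", "api_key", api_key))
```

Because each token is an independent random draw and only its digest is stored, disclosure of a share URL or of the token table reveals nothing about the API key.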