CVE-2023-43617
Description
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Croc file transfer utility before 9.6.5 leaks parts of a custom shared secret to the untrusted relay through the room name construction.
Vulnerability
Croc is a command-line tool for peer-to-peer encrypted file transfers using a relay server. CVE-2023-43617 describes an information disclosure flaw in Croc through version 9.6.5. When a custom shared secret is used for end-to-end encryption, the protocol composes a room name from that secret. This room name is sent to the relay server, potentially leaking portions of the secret to the untrusted relay [1][2].
Exploitation
The attack requires an attacker who controls the relay server used by the sender and receiver. No authentication is needed beyond the relay receiving the room name as part of normal transfer setup. The sender and receiver both send the room name derived from the shared secret, so both sides leak the same information [1].
Impact
An attacker controlling the relay can recover parts of the custom shared secret. This weakens the end-to-end encryption, potentially allowing the attacker to decrypt transferred files or inject malicious content. The disclosure does not completely reveal the secret, but partial knowledge reduces the effective keyspace [1][2].
Mitigation
As of September 2023, no official fix was released. A pull request (#699) proposes using a hash of the shared secret for the room name instead of the secret itself [3]. Users are advised to avoid using custom shared secrets over untrusted relays until a patched version is available [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/schollz/croc/v9Go | < 9.6.16 | 9.6.16 |
Affected products
4- Croc/Crocdescription
- osv-coords3 versions
< 10.0.0-r0+ 2 more
- (no CPE)range: < 10.0.0-r0
- (no CPE)range: < 10.0.0-r0
- (no CPE)range: < 9.6.16
Patches
10f1ca436cd8eMerge pull request #699 from schollz/issue596
2 files changed · +15 −6
src/croc/croc.go+14 −5 modified@@ -3,7 +3,9 @@ package croc import ( "bytes" "crypto/rand" + "crypto/sha256" "encoding/binary" + "encoding/hex" "encoding/json" "fmt" "io" @@ -57,6 +59,7 @@ func Debug(debug bool) { type Options struct { IsSender bool SharedSecret string + RoomName string Debug bool RelayAddress string RelayAddress6 string @@ -188,6 +191,12 @@ func New(ops Options) (c *Client, err error) { err = fmt.Errorf("code is too short") return } + // Create a hash of part of the shared secret to use as the room name + // add the current day and "croc" to the shared secret to make more resistant + // to rainbow tables + hashExtra := "croc" + time.Now().Format("2006-01-02") + roomNameBytes := sha256.Sum256([]byte(c.Options.SharedSecret[:4] + hashExtra)) + c.Options.RoomName = hex.EncodeToString(roomNameBytes[:]) c.conn = make([]*comm.Comm, 16) @@ -582,7 +591,7 @@ func (c *Client) transferOverLocalRelay(errchan chan<- error) { time.Sleep(500 * time.Millisecond) log.Debug("establishing connection") var banner string - conn, banner, ipaddr, err := tcp.ConnectToTCPServer("127.0.0.1:"+c.Options.RelayPorts[0], c.Options.RelayPassword, c.Options.SharedSecret[:3]) + conn, banner, ipaddr, err := tcp.ConnectToTCPServer("127.0.0.1:"+c.Options.RelayPorts[0], c.Options.RelayPassword, c.Options.RoomName) log.Debugf("banner: %s", banner) if err != nil { err = fmt.Errorf("could not connect to 127.0.0.1:%s: %w", c.Options.RelayPorts[0], err) @@ -670,7 +679,7 @@ func (c *Client) Send(filesInfo []FileInfo, emptyFoldersToTransfer []FileInfo, t log.Debugf("got host '%v' and port '%v'", host, port) address = net.JoinHostPort(host, port) log.Debugf("trying connection to %s", address) - conn, banner, ipaddr, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.SharedSecret[:3], durations[i]) + conn, banner, ipaddr, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.RoomName, durations[i]) if err == nil { c.Options.RelayAddress = address break @@ -867,7 +876,7 @@ func (c *Client) Receive() (err error) { log.Debugf("got host '%v' and port '%v'", host, port) address = net.JoinHostPort(host, port) log.Debugf("trying connection to %s", address) - c.conn[0], banner, c.ExternalIP, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.SharedSecret[:3], durations[i]) + c.conn[0], banner, c.ExternalIP, err = tcp.ConnectToTCPServer(address, c.Options.RelayPassword, c.Options.RoomName, durations[i]) if err == nil { c.Options.RelayAddress = address break @@ -925,7 +934,7 @@ func (c *Client) Receive() (err error) { } serverTry := net.JoinHostPort(ip, port) - conn, banner2, externalIP, errConn := tcp.ConnectToTCPServer(serverTry, c.Options.RelayPassword, c.Options.SharedSecret[:3], 500*time.Millisecond) + conn, banner2, externalIP, errConn := tcp.ConnectToTCPServer(serverTry, c.Options.RelayPassword, c.Options.RoomName, 500*time.Millisecond) if errConn != nil { log.Debug(errConn) log.Debugf("could not connect to " + serverTry) @@ -1291,7 +1300,7 @@ func (c *Client) processMessagePake(m message.Message) (err error) { c.conn[j+1], _, _, err = tcp.ConnectToTCPServer( server, c.Options.RelayPassword, - fmt.Sprintf("%s-%d", utils.SHA256(c.Options.SharedSecret[:5])[:6], j), + fmt.Sprintf("%s-%d", c.Options.RoomName, j), ) if err != nil { panic(err)
src/tcp/tcp.go+1 −1 modified@@ -516,7 +516,7 @@ func ConnectToTCPServer(address, password, room string, timelimit ...time.Durati } banner = strings.Split(string(data), "|||")[0] ipaddr = strings.Split(string(data), "|||")[1] - log.Debug("sending room") + log.Debugf("sending room; %s", room) bSend, err = crypt.Encrypt([]byte(room), strongKeyForEncryption) if err != nil { log.Debug(err)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-hp56-xvf4-g6wrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-43617ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/09/21/5ghsamailing-listWEB
- github.com/schollz/croc/commit/0f1ca436cd8e608738da0b23bf594537cfbe6213ghsaWEB
- github.com/schollz/croc/issues/596ghsaWEB
- github.com/schollz/croc/pull/699ghsaWEB
- www.openwall.com/lists/oss-security/2023/09/08/2ghsaWEB
News mentions
0No linked articles in our index yet.