VYPR
Moderate severity · NVD Advisory · Published Dec 21, 2023 · Updated Aug 2, 2024

CVE-2023-50481

Description

An issue discovered in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2023-50481 exposes sensitive information in blinksocks 3.3.8 via weak encryption algorithms and non-random initialization vectors.

Root Cause

CVE-2023-50481 affects blinksocks version 3.3.8, where the component /presets/ssr-auth-chain.js employs weak encryption algorithms such as RC4 and uses fixed (non-random) initialization vectors (IVs) for CBC and CFB modes [1][3]. This violates secure coding practices (CWE-329, CWE-1204) and can be exploited by remote attackers [3].
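
The effect of a fixed IV in CBC mode, shown as an added example (this is not blinksocks code and is not taken from the advisory). The key, the messages and all function names are constructed for illustration. It compares AES-128-CBC under one reused IV with the corrected form that draws a fresh random IV per message.

```javascript
// Added example, not blinksocks code. Key and messages are constructed.
const nodeCrypto = require('crypto');

const BLOCK = 16;
const FIXED_IV = Buffer.alloc(BLOCK, 0); // weak setting: one IV for every message

// Weak form: AES-128-CBC with the same IV each time (CWE-329).
function encryptFixedIv(key, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-128-cbc', key, FIXED_IV);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// Corrected form: fresh random IV per message, sent in front of the ciphertext.
function encryptRandomIv(key, plaintext) {
  const iv = nodeCrypto.randomBytes(BLOCK);
  const c = nodeCrypto.createCipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final()]);
}

function decryptRandomIv(key, message) {
  const d = nodeCrypto.createDecipheriv('aes-128-cbc', key, message.subarray(0, BLOCK));
  return Buffer.concat([d.update(message.subarray(BLOCK)), d.final()]);
}

// Number of leading 16-byte blocks that two outputs have in common.
function sharedLeadingBlocks(a, b) {
  let n = 0;
  const max = Math.floor(Math.min(a.length, b.length) / BLOCK);
  while (n < max && a.subarray(n * BLOCK, (n + 1) * BLOCK)
    .equals(b.subarray(n * BLOCK, (n + 1) * BLOCK))) n++;
  return n;
}

function demo() {
  const key = nodeCrypto.randomBytes(16); // constructed demo key
  // Two constructed messages with an identical 32-byte (two-block) header.
  const header = 'CONNECT mail.example.test:443'.padEnd(32);
  const m1 = Buffer.from(header + 'token=alpha');
  const m2 = Buffer.from(header + 'token=bravo');
  return {
    fixedShared: sharedLeadingBlocks(encryptFixedIv(key, m1), encryptFixedIv(key, m2)),
    fixedRepeatEqual: encryptFixedIv(key, m1).equals(encryptFixedIv(key, m1)),
    randomShared: sharedLeadingBlocks(encryptRandomIv(key, m1), encryptRandomIv(key, m2)),
    randomRepeatEqual: encryptRandomIv(key, m1).equals(encryptRandomIv(key, m1)),
    roundTrip: decryptRandomIv(key, encryptRandomIv(key, m1)).equals(m1),
  };
}

console.log(demo());
```

The random-IV form addresses only the predictable-IV weakness; CBC on its own still provides no integrity protection.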

Exploitation

An attacker with network access to the proxy traffic can passively intercept communications. Because the encryption is deterministic due to the fixed IV and weak cipher, the attacker can decrypt the traffic without needing authentication or special privileges [3]. The vulnerability is located in multiple lines of ssr-auth-chain.js and ssr-auth-aes128.js [3][4].

Impact

Successful exploitation leads to information disclosure, potentially revealing all data transmitted through the blinksocks proxy, including credentials, personal data, or other sensitive information [1][4].

Mitigation

As of the publication date, no official patch has been released for this vulnerability [2][4]. Users are advised to upgrade to a newer version if available, or to avoid using version 3.3.8 and consider alternative secure proxy solutions.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: blinksocks (npm)
Affected versions: <= 3.3.8
Patched versions: none listed

Patches

No patches discovered yet.
