MPP Multiple Payment Bypass and Griefing Vulnerabilities
Multiple vulnerabilities were discovered in mpp versions prior to 0.8.0 that allowed for payment bypass and griefing, including performing free charge and session requests, replaying existing charge requests, piggybacking and griefing existing session channels, manipulating fee payers, and replaying stripe charge requests.
The mpp crate, a Rust library, contains multiple critical vulnerabilities affecting versions prior to 0.8.0. These vulnerabilities allow for a range of malicious activities, including bypassing payment requirements, manipulating payment fees, and griefing existing sessions. Specifically, attackers can perform free tempo/charge and tempo/session requests, replay existing tempo/charge requests, piggyback off existing tempo/session channels, grief existing tempo/session channels, manipulate the fee payer, and replay existing stripe/charge requests. Given the severity of these issues, organizations utilizing mpp in their payment processing systems are at significant risk. Upgrade to version 0.8.0 is the only remediation.
Attack Chain
- An attacker identifies a vulnerable
mppinstance running a version prior to 0.8.0. - The attacker crafts a
tempo/chargerequest, exploiting the vulnerability to bypass payment verification. - The attacker sends the crafted request to the
mppinstance, resulting in a free charge. - Alternatively, the attacker replays a previously valid
tempo/chargerequest, bypassing payment verification. - The attacker exploits the
tempo/sessionvulnerability to gain unauthorized access to an existing session. - The attacker piggybacks off the existing
tempo/sessionchannel for malicious purposes. - The attacker can also grief the
tempo/sessionchannel, disrupting legitimate user activity. - The attacker may also manipulate the fee payer information within tempo or stripe charge/session handlers to force another party to pay for their requests.
Impact
Successful exploitation of these vulnerabilities can lead to significant financial losses due to payment bypass. Attackers can perform unauthorized transactions, manipulate fees, and disrupt legitimate services. The absence of available workarounds prior to patching amplifies the risk. Organizations utilizing the vulnerable versions of mpp are exposed to potential fraud and service disruption. The severity is considered critical due to the direct impact on payment processing integrity and potential for widespread abuse.
Recommendation
- Immediately upgrade
mppto version 0.8.0 to remediate the vulnerabilities. - Implement network monitoring to detect and block replay attacks targeting
tempo/chargeorstripe/chargerequests. - Review logs for unexpected free
tempo/chargeortempo/sessionrequests after patching. - Monitor payment gateways for unusual activity, such as manipulated fee payers.
Detection coverage 2
Detect suspicious tempo/charge requests
highDetects suspicious tempo/charge requests indicative of payment bypass vulnerabilities.
Detect suspicious tempo/session requests
highDetects suspicious tempo/session requests indicative of payment bypass vulnerabilities.
Detection queries are available on the platform. Get full rules →