CodeQL query to detect weak (duplicated) encryption keys for ASP.NET Telerik Upload

[cldrn]

Report

ASP.NET Telerik upload allows developers to easily manage file uploads. The transmission between the client and the server must be encrypted and impossible to decode, so the data cannot be used by a malicious entity in an attack against the server. The main security recommendation for Telerik is setting custom unique strong random values for Telerik.AsyncUpload.ConfigurationEncryptionKey and Telerik.Upload.ConfigurationHashKey. This checks corresponds to CWE-310 which didn't exist previously in QL and corresponds to cryptographic errors.

• https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security
• https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness
• https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html

CodeQL query PR: github/codeql#2359

[xcorail]

Hi @cldrn

Thanks for the submission! We have reviewed your report and validated your findings. After internally assessing the findings and the query we have determined this query is too bespoke to make it into our standard query suite, and not eligible for a reward under the Bug Bounty program. We only award higher quality queries as part of the program with attribution on our Bug Bounty site and a payout between $500 and $3,000.

Even though this issue was assessed as being ineligible, we appreciate you bringing it to our attention. We merged it into the public Security Lab repo as part of the community queries here, and would still like to offer you $500.

Best regards and happy hacking!
Xavier, for the GitHub Security Lab

[xcorail]

Payment order sent 🎉