CVE-2025-13353
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-02

Last updated on: 2025-12-15

Assigner: Cloudflare, Inc.

Description
In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets. Impact This vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes: * keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy input), where in vulnerable versions only 28 bytes was used * a malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password Patches The code logic bug has been fixed in gokey version 0.2.0 and above. Due to the deterministic nature of gokey, fixed versions will produce different passwords/secrets using seed files, as all seed entropy will be used now. System secret rotation guidance It is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0 and above), and provision/rotate these secrets into respective systems in place of the old secret. A specific rotation procedure is system-dependent, but most common patterns are described below. Systems that do not require the old password/secret for rotation Such systems usually have a "Forgot password" facility or a similar facility allowing users to rotate their password/secrets by sending a unique "magic" link to the user's email or phone. In such cases users are advised to use this facility and input the newly generated password secret, when prompted by the system. Systems that require the old password/secret for rotation Such systems usually have a modal password rotation window usually in the user settings section requiring the user to input the old and the new password sometimes with a confirmation. To generate/recover the old password in such cases users are advised to: * temporarily download gokey version 0.1.3 https://github.com/cloudflare/gokey/releases/tag/v0.1.3 for their respective operating system to recover the old password * use gokey version 0.2.0 or above to generate the new password * populate the system provided password rotation form Systems that allow multiple credentials for the same account to be provisioned Such systems usually require a secret or a cryptographic key as a credential for access, but allow several credentials at the same time. One example is SSH: a particular user may have several authorized public keys configured on the SSH server for access. For such systems users are advised to: * generate a new secret/key/credential using gokey version 0.2.0 or above * provision the new secret/key/credential in addition to the existing credential on the system * verify that the access or required system operation is still possible with the new secret/key/credential * revoke authorization for the existing/old credential from the system Credit This vulnerability was found by ThΓ©o Cusnir ( @mister_mime https://hackerone.com/mister_mime ) and responsibly disclosed through Cloudflare's bug bounty program.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-02
Last Modified
2025-12-15
Generated
2026-05-06
AI Q&A
2025-12-02
EPSS Evaluated
2026-05-05
NVD
CVE-2025-13353
EUVD
EUVD-2025-200219
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cloudflare gokey to 0.2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in gokey versions prior to 0.2.0 is due to a flaw in the seed decryption logic where passwords were incorrectly derived only from the initial vector and the AES-GCM authentication tag of the key seed, rather than using the full seed entropy. This caused keys and secrets generated from a seed file to have significantly lower entropy (only 28 bytes used instead of the expected 240 bytes), making them weaker and potentially recoverable by an attacker who has the seed file without needing the master password.


How can this vulnerability impact me? :

The vulnerability can impact you by producing keys and secrets with lower entropy when generated from a seed file, making them easier to recover by a malicious entity who possesses the seed file. This compromises the security of passwords and secrets generated using the seed file (-s option). However, keys/secrets generated solely from the master password (without the seed file) are not affected. Users must regenerate and rotate their secrets using gokey version 0.2.0 or above to ensure security.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying if gokey versions prior to 0.2.0 are used to generate keys/secrets from a seed file (using the -s option). There are no specific network detection commands provided. To check the gokey version installed, you can run the command: `gokey --version`. If the version is less than 0.2.0 and the -s option was used for key generation, the system is vulnerable.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading gokey to version 0.2.0 or above, regenerating all passwords/secrets using the patched version, and rotating these secrets in the respective systems. Depending on the system's password rotation capabilities, users should either use the 'Forgot password' facility, use the old password recovery method with gokey version 0.1.3 if required, or provision multiple credentials and revoke old ones as appropriate.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart