HIGH token leakagefiberhmac signatures

Token Leakage in Fiber with Hmac Signatures

Scan for token leakage in fiber

Token Leakage in Fiber with Hmac Signatures — how this specific combination creates or exposes the vulnerability

Token leakage occurs when authentication tokens or session identifiers are unintentionally exposed in logs, URLs, or error messages. In Fiber, using Hmac Signatures for request authentication can inadvertently expose tokens when developers embed tokens in query parameters or headers that are later logged or reflected. Because Hmac Signatures typically rely on a shared secret and a deterministic hash of the request components, any token that travels in an unprotected part of the request becomes reachable if an endpoint reflects that input or logs raw query strings.

For example, if a Fiber route reads a token from a query parameter and passes it into the signature base string, an attacker who can cause the server to log or echo that parameter may obtain the token. Additionally, if the Hmac verification logic is implemented in a way that leaks the raw token through error messages (e.g., signature mismatch details that include the received token), the confidentiality of the token is compromised. This is especially risky when endpoints also expose OpenAPI/Swagger specs without filtering sensitive parameters, because the spec may implicitly document the token’s presence in URLs.

During a black-box scan, middleBrick tests inputs that reach endpoints and checks whether tokens appear in responses, logs, or error payloads. It also cross-references the OpenAPI specification to see whether parameters marked as sensitive are reflected in paths or query strings. Since the scan runs unauthenticated and tests the active attack surface, it can identify endpoints where token leakage is plausible via Hmac Signatures usage. The LLM/AI Security checks further probe whether system prompt formats or error handling might inadvertently surface token-like values in model outputs or logs.

To mitigate this class of issue, ensure tokens never enter the query string or response-reachable headers when Hmac Signatures are used. Instead, transmit tokens only in HTTP-only, Secure cookies or in the Authorization header using a bearer scheme, and ensure the Hmac base string excludes sensitive token values that should remain opaque. Validate and sanitize all inputs that participate in signature generation, and avoid including raw tokens in logs or error details. middleBrick’s findings include prioritized guidance on how to isolate token handling from the signature computation and how to structure requests so that sensitive values are not reflected in any part of the observable API surface.

Hmac Signatures-Specific Remediation in Fiber — concrete code fixes

Remediation focuses on ensuring tokens are not part of the data used to compute or verify Hmac Signatures and that tokens are transmitted over strictly controlled channels. The following examples show a secure pattern in Fiber where the token is conveyed via an Authorization header and excluded from the signature base string.

import { App, Context } from 'https://deno.land/x/fiber@v2.0.0/mod.ts';

const app = new App();

// Middleware to extract token and compute/verify Hmac without exposing it
app.use((ctx: Context, next: () => Promise) => {
  const auth = ctx.request.header('Authorization');
  if (!auth || !auth.startsWith('Bearer ')) {
    ctx.throw(401, 'Authorization header missing');
  }
  const token = auth.slice(7); // Remove 'Bearer '
  // Store token securely for downstream use; do not include it in signature base
  ctx.set('x-auth-token', token);
  return next();
});

// Example endpoint that validates Hmac signature, excluding the token from the signed payload
app.post('/webhook', (ctx: Context) => {
  const signatureHeader = ctx.request.header('X-Hub-Signature-256');
  const token = ctx.get('x-auth-token');
  const body = ctx.request.body({ type: 'json' });
  const payload = JSON.stringify(body.value);
  const secret = Deno.env.get('HMAC_SECRET');
  if (!secret) {
    ctx.throw(500, 'Server misconfiguration: missing secret');
  }
  const expected = 'sha256=' + crypto.subtle.sign('HMAC', secret, new TextEncoder().encode(payload));
    // Note: In practice, use a well-audited Hmac utility to compare signatures in constant time
  if (signatureHeader !== expected) {
    ctx.throw(401, 'Invalid signature');
  }
  // Token is available for business logic but not part of the signed string
  ctx.body = { received: true, tokenPresent: !!token };
});

Key points in the remediation:

  • Extract the token from the Authorization header and avoid reading it from query parameters or the request path.
  • Do not include the raw token value in the string that is signed; sign only the necessary, non-sensitive parts of the request (e.g., selected headers and the body).
  • Use constant-time comparison for Hmac verification to prevent timing attacks.
  • Ensure error messages do not echo the token or include details that could aid an attacker in correlating tokens with signatures.
  • Leverage middleware to centralize token extraction and validation so that all endpoints consistently handle the token and the Hmac verification logic.

When using OpenAPI specifications, mark token parameters as sensitive and avoid reflecting them in paths or examples. middleBrick’s CLI can scan your Fiber project and highlight endpoints where tokens appear in query strings or where Hmac bases include potentially sensitive inputs, helping you align implementation with best practices.

Scan for token leakage in fiber Free API security scan

Frequently Asked Questions

Can token leakage happen even when Hmac Signatures are used correctly?
Yes. If tokens are placed in query strings, logs, error messages, or reflected responses, they can leak independently of how Hmac Signatures are computed. Hmac protects integrity of the request but does not prevent accidental exposure of tokens through other channels.
Does middleBrick detect token leakage in Hmac-protected endpoints?
Yes. middleBrick tests unauthenticated attack surfaces, checks for token presence in responses and logs, and cross-references OpenAPI specs to identify parameters that should not be exposed, including when Hmac Signatures are used.

Related Pages

Token Leakage in FiberHow token leakage manifests in Fiber applications, detection methods, and remediation techniques using Fiber's native feToken Leakage with Hmac SignaturesLearn how HMAC signature tokens leak through logging, timing oracles, and network capture, with specific detection methoToken Leakage in Fiber on GcpToken leakage in Fiber on GCP: causes, detection, and GCP-specific fixes including header redaction and Secret Manager.Token Leakage in Fiber on KubernetesToken leakage in Fiber on Kubernetes: causes, real config examples, and hardening steps to reduce exposure.Token Leakage in Fiber on NetlifyLearn how token leakage occurs in Fiber apps on Netlify and apply concrete Netlify function fixes to protect authenticatToken Leakage in Fiber on CloudflareDetect and remediate token leakage in Fiber apps behind Cloudflare with secure cookie policies, error handling, and CI/COwasp Api Top 10: Token Leakage in FiberExplore token leakage in OWASP API Top 10 with Fiber, including secure error handling and cookie configuration examples.Hipaa: Token Leakage in FiberHipaa: Token Leakage in FiberGdpr: Token Leakage in FiberUnderstand token leakage with GDPR in Fiber APIs and apply concrete Fiber code fixes to protect personal data and complyNist: Token Leakage in FiberExplore token leakage in Fiber APIs through NIST guidelines. See how middleBrick detects exposure and apply Fiber-specifToken Leakage in Fiber with DynamodbToken leakage in Fiber with DynamoDB: causes, real code fixes, and remediation patterns to prevent exposure.Token Leakage in Fiber with CockroachdbExplore token leakage risks when Fiber uses CockroachDB, with concrete remediation code and insights from middleBrick sc