Headline
GHSA-gr79-9v6v-gc9r: Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Summary
Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1.
Details
While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating.
https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425 is seemingly setting TLS 1.2 as minimum version, but the whole tlsConfig is ignored after “TLS cert reloader” was introduced in https://github.com/dexidp/dex/pull/2964. Configured cipher suites are not respected either, as seen on the output.
PoC
Build Dex, generate certs with gencert.sh, modify config.dev.yaml to run on https, using generated certs.
issuer: http://127.0.0.1:5556/dex
storage:
type: sqlite3
config:
file: dex.db
web:
https: 127.0.0.1:5556
tlsCert: examples/k8s/ssl/cert.pem
tlsKey: examples/k8s/ssl/key.pem
<rest as default>
Run dex bin/dex serve config.dev.yaml.
Install sslyze, easy to use SSL connection analyzer:
pip3 install sslyze
sslyze 127.0.0.1:5556
In Dex 2.37.0, TLS 1.0 and TLS 1.1 are enabled in addition to expected TLS 1.2 and TLS 1.3.
* TLS 1.0 Cipher Suites:
Attempted to connect using 80 cipher suites.
The server accepted the following 6 cipher suites:
TLS_RSA_WITH_AES_256_CBC_SHA 256
TLS_RSA_WITH_AES_128_CBC_SHA 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA 168
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 168 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.1 Cipher Suites:
Attempted to connect using 80 cipher suites.
The server accepted the following 6 cipher suites:
TLS_RSA_WITH_AES_256_CBC_SHA 256
TLS_RSA_WITH_AES_128_CBC_SHA 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA 168
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 168 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.2 Cipher Suites:
Attempted to connect using 156 cipher suites.
The server accepted the following 11 cipher suites:
TLS_RSA_WITH_AES_256_GCM_SHA384 256
TLS_RSA_WITH_AES_256_CBC_SHA 256
TLS_RSA_WITH_AES_128_GCM_SHA256 128
TLS_RSA_WITH_AES_128_CBC_SHA 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA 168
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 (253 bits)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 168 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.3 Cipher Suites:
Attempted to connect using 5 cipher suites.
The server accepted the following 3 cipher suites:
TLS_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 (253 bits)
TLS_AES_256_GCM_SHA384 256 ECDH: X25519 (253 bits)
TLS_AES_128_GCM_SHA256 128 ECDH: X25519 (253 bits)
In Dex 2.36.0, TLS 1.0 and TLS 1.1 are disabled as expected.
* TLS 1.0 Cipher Suites:
Attempted to connect using 80 cipher suites; the server rejected all cipher suites.
* TLS 1.1 Cipher Suites:
Attempted to connect using 80 cipher suites; the server rejected all cipher suites.
* TLS 1.2 Cipher Suites:
Attempted to connect using 156 cipher suites.
The server accepted the following 5 cipher suites:
TLS_RSA_WITH_AES_256_GCM_SHA384 256
TLS_RSA_WITH_AES_128_GCM_SHA256 128
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 (253 bits)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.3 Cipher Suites:
Attempted to connect using 5 cipher suites.
The server accepted the following 3 cipher suites:
TLS_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 (253 bits)
TLS_AES_256_GCM_SHA384 256 ECDH: X25519 (253 bits)
Impact
TLS 1.0 and TLS 1.1 connections can be decrypted by the attacker, and hence decrypt the traffic to Dex.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-23656
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
High severity GitHub Reviewed Published Jan 25, 2024 in dexidp/dex • Updated Jan 26, 2024
Package
gomod github.com/dexidp/dex (Go)
Affected versions
= 2.37.0
Summary
Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1.
Details
While working on dexidp/dex#2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating.
https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425 is seemingly setting TLS 1.2 as minimum version, but the whole tlsConfig is ignored after “TLS cert reloader” was introduced in dexidp/dex#2964. Configured cipher suites are not respected either, as seen on the output.
PoC
Build Dex, generate certs with gencert.sh, modify config.dev.yaml to run on https, using generated certs.
issuer: http://127.0.0.1:5556/dex
storage: type: sqlite3 config: file: dex.db
web: https: 127.0.0.1:5556 tlsCert: examples/k8s/ssl/cert.pem tlsKey: examples/k8s/ssl/key.pem
<rest as default>
Run dex bin/dex serve config.dev.yaml.
Install sslyze, easy to use SSL connection analyzer:
pip3 install sslyze sslyze 127.0.0.1:5556
In Dex 2.37.0, TLS 1.0 and TLS 1.1 are enabled in addition to expected TLS 1.2 and TLS 1.3.
* TLS 1.0 Cipher Suites: Attempted to connect using 80 cipher suites.
The server accepted the following 6 cipher suites:
TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA 256
TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA 128
TLS\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA 168
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA 256 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA 128 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA 168 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.1 Cipher Suites: Attempted to connect using 80 cipher suites.
The server accepted the following 6 cipher suites:
TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA 256
TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA 128
TLS\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA 168
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA 256 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA 128 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA 168 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.2 Cipher Suites: Attempted to connect using 156 cipher suites.
The server accepted the following 11 cipher suites:
TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384 256
TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA 256
TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256 128
TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA 128
TLS\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA 168
TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305\_SHA256 256 ECDH: X25519 (253 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 256 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA 256 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256 128 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA 128 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA 168 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.3 Cipher Suites: Attempted to connect using 5 cipher suites.
The server accepted the following 3 cipher suites:
TLS\_CHACHA20\_POLY1305\_SHA256 256 ECDH: X25519 (253 bits)
TLS\_AES\_256\_GCM\_SHA384 256 ECDH: X25519 (253 bits)
TLS\_AES\_128\_GCM\_SHA256 128 ECDH: X25519 (253 bits)
In Dex 2.36.0, TLS 1.0 and TLS 1.1 are disabled as expected.
* TLS 1.0 Cipher Suites: Attempted to connect using 80 cipher suites; the server rejected all cipher suites.
* TLS 1.1 Cipher Suites: Attempted to connect using 80 cipher suites; the server rejected all cipher suites.
* TLS 1.2 Cipher Suites: Attempted to connect using 156 cipher suites.
The server accepted the following 5 cipher suites:
TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384 256
TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256 128
TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305\_SHA256 256 ECDH: X25519 (253 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 256 ECDH: prime256v1 (256 bits)
TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256 128 ECDH: prime256v1 (256 bits)
The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
* TLS 1.3 Cipher Suites: Attempted to connect using 5 cipher suites.
The server accepted the following 3 cipher suites:
TLS\_CHACHA20\_POLY1305\_SHA256 256 ECDH: X25519 (253 bits)
TLS\_AES\_256\_GCM\_SHA384 256 ECDH: X25519 (253 bits)
Impact
TLS 1.0 and TLS 1.1 connections can be decrypted by the attacker, and hence decrypt the traffic to Dex.
References
- GHSA-gr79-9v6v-gc9r
- https://nvd.nist.gov/vuln/detail/CVE-2024-23656
- dexidp/dex#2848
- dexidp/dex#2964
- dexidp/dex@5bbdb44
- https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425
Published to the GitHub Advisory Database
Jan 26, 2024
Last updated
Jan 26, 2024