Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-gr79-9v6v-gc9r: Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Summary

Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1.

Details

While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating.

https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425 is seemingly setting TLS 1.2 as minimum version, but the whole tlsConfig is ignored after “TLS cert reloader” was introduced in https://github.com/dexidp/dex/pull/2964. Configured cipher suites are not respected either, as seen on the output.

PoC

Build Dex, generate certs with gencert.sh, modify config.dev.yaml to run on https, using generated certs.

issuer: http://127.0.0.1:5556/dex

storage:
  type: sqlite3
  config:
    file: dex.db

web:
  https: 127.0.0.1:5556
  tlsCert: examples/k8s/ssl/cert.pem
  tlsKey: examples/k8s/ssl/key.pem

<rest as default>

Run dex bin/dex serve config.dev.yaml.

Install sslyze, easy to use SSL connection analyzer:

pip3 install sslyze
sslyze 127.0.0.1:5556

In Dex 2.37.0, TLS 1.0 and TLS 1.1 are enabled in addition to expected TLS 1.2 and TLS 1.3.

 * TLS 1.0 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 6 cipher suites:
        TLS_RSA_WITH_AES_256_CBC_SHA                      256                      
        TLS_RSA_WITH_AES_128_CBC_SHA                      128                      
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168                      
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               168       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 6 cipher suites:
        TLS_RSA_WITH_AES_256_CBC_SHA                      256                      
        TLS_RSA_WITH_AES_128_CBC_SHA                      128                      
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168                      
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               168       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 11 cipher suites:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   256                      
        TLS_RSA_WITH_AES_256_CBC_SHA                      256                      
        TLS_RSA_WITH_AES_128_GCM_SHA256                   128                      
        TLS_RSA_WITH_AES_128_CBC_SHA                      128                      
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168                      
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA               168       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.3 Cipher Suites:
     Attempted to connect using 5 cipher suites.

     The server accepted the following 3 cipher suites:
        TLS_CHACHA20_POLY1305_SHA256                      256       ECDH: X25519 (253 bits)
        TLS_AES_256_GCM_SHA384                            256       ECDH: X25519 (253 bits)
        TLS_AES_128_GCM_SHA256                            128       ECDH: X25519 (253 bits)

In Dex 2.36.0, TLS 1.0 and TLS 1.1 are disabled as expected.

 * TLS 1.0 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   256                      
        TLS_RSA_WITH_AES_128_GCM_SHA256                   128                      
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * TLS 1.3 Cipher Suites:
     Attempted to connect using 5 cipher suites.

     The server accepted the following 3 cipher suites:
        TLS_CHACHA20_POLY1305_SHA256                      256       ECDH: X25519 (253 bits)
        TLS_AES_256_GCM_SHA384                            256       ECDH: X25519 (253 bits)

Impact

TLS 1.0 and TLS 1.1 connections can be decrypted by the attacker, and hence decrypt the traffic to Dex.

ghsa
#sql#web#git#kubernetes#ssl
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-23656

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

High severity GitHub Reviewed Published Jan 25, 2024 in dexidp/dex • Updated Jan 26, 2024

Package

gomod github.com/dexidp/dex (Go)

Affected versions

= 2.37.0

Summary

Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1.

Details

While working on dexidp/dex#2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating.

https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425 is seemingly setting TLS 1.2 as minimum version, but the whole tlsConfig is ignored after “TLS cert reloader” was introduced in dexidp/dex#2964. Configured cipher suites are not respected either, as seen on the output.

PoC

Build Dex, generate certs with gencert.sh, modify config.dev.yaml to run on https, using generated certs.

issuer: http://127.0.0.1:5556/dex

storage: type: sqlite3 config: file: dex.db

web: https: 127.0.0.1:5556 tlsCert: examples/k8s/ssl/cert.pem tlsKey: examples/k8s/ssl/key.pem

<rest as default>

Run dex bin/dex serve config.dev.yaml.

Install sslyze, easy to use SSL connection analyzer:

pip3 install sslyze sslyze 127.0.0.1:5556

In Dex 2.37.0, TLS 1.0 and TLS 1.1 are enabled in addition to expected TLS 1.2 and TLS 1.3.

* TLS 1.0 Cipher Suites: Attempted to connect using 80 cipher suites.

 The server accepted the following 6 cipher suites:
    TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA                      256                      
    TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA                      128                      
    TLS\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA                     168                      
    TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA                256       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA                128       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA               168       ECDH: prime256v1 (256 bits)

 The group of cipher suites supported by the server has the following properties:
   Forward Secrecy                    OK - Supported
   Legacy RC4 Algorithm               OK - Not Supported

* TLS 1.1 Cipher Suites: Attempted to connect using 80 cipher suites.

 The server accepted the following 6 cipher suites:
    TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA                      256                      
    TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA                      128                      
    TLS\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA                     168                      
    TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA                256       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA                128       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA               168       ECDH: prime256v1 (256 bits)

 The group of cipher suites supported by the server has the following properties:
   Forward Secrecy                    OK - Supported
   Legacy RC4 Algorithm               OK - Not Supported

* TLS 1.2 Cipher Suites: Attempted to connect using 156 cipher suites.

 The server accepted the following 11 cipher suites:
    TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384                   256                      
    TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA                      256                      
    TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256                   128                      
    TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA                      128                      
    TLS\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA                     168                      
    TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305\_SHA256       256       ECDH: X25519 (253 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384             256       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA                256       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256             128       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA                128       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA               168       ECDH: prime256v1 (256 bits)

 The group of cipher suites supported by the server has the following properties:
   Forward Secrecy                    OK - Supported
   Legacy RC4 Algorithm               OK - Not Supported

* TLS 1.3 Cipher Suites: Attempted to connect using 5 cipher suites.

 The server accepted the following 3 cipher suites:
    TLS\_CHACHA20\_POLY1305\_SHA256                      256       ECDH: X25519 (253 bits)
    TLS\_AES\_256\_GCM\_SHA384                            256       ECDH: X25519 (253 bits)
    TLS\_AES\_128\_GCM\_SHA256                            128       ECDH: X25519 (253 bits)

In Dex 2.36.0, TLS 1.0 and TLS 1.1 are disabled as expected.

* TLS 1.0 Cipher Suites: Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

* TLS 1.1 Cipher Suites: Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

* TLS 1.2 Cipher Suites: Attempted to connect using 156 cipher suites.

 The server accepted the following 5 cipher suites:
    TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384                   256                      
    TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256                   128                      
    TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305\_SHA256       256       ECDH: X25519 (253 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384             256       ECDH: prime256v1 (256 bits)
    TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256             128       ECDH: prime256v1 (256 bits)

 The group of cipher suites supported by the server has the following properties:
   Forward Secrecy                    OK - Supported
   Legacy RC4 Algorithm               OK - Not Supported

* TLS 1.3 Cipher Suites: Attempted to connect using 5 cipher suites.

 The server accepted the following 3 cipher suites:
    TLS\_CHACHA20\_POLY1305\_SHA256                      256       ECDH: X25519 (253 bits)
    TLS\_AES\_256\_GCM\_SHA384                            256       ECDH: X25519 (253 bits)

Impact

TLS 1.0 and TLS 1.1 connections can be decrypted by the attacker, and hence decrypt the traffic to Dex.

References

  • GHSA-gr79-9v6v-gc9r
  • https://nvd.nist.gov/vuln/detail/CVE-2024-23656
  • dexidp/dex#2848
  • dexidp/dex#2964
  • dexidp/dex@5bbdb44
  • https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425

Published to the GitHub Advisory Database

Jan 26, 2024

Last updated

Jan 26, 2024

ghsa: Latest News

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code