Headline
GHSA-f4r5-q63f-gcww: Keylime registrar and (untrusted) Agent can be bypassed by an attacker
Impact
A security issue was found in the Keylime registrar
code which allows an attacker to effectively bypass the challenge-response protocol used to verify that an agent
has indeed access to an AIK which in indeed related to the EK.
When an agent
starts up, it will contact a registrar
and provide a public EK and public AIK, in addition to the EK Certificate. This registrar
will then challenge the agent
to decrypt a challenge encrypted with the EK.
When receiving the wrong “auth_tag” back from the agent
during activation, the registrar
answers with an error message that contains the expected correct “auth_tag” (an HMAC which is calculated within the registrar
for checking). An attacker could simply record the correct expected “auth_tag” from the HTTP error message and perform the activate call again with the correct expected “auth_tag” for the agent
.
The security issue allows an attacker to pass the challenge-response protocol during registration with (almost) arbitrary registration data. In particular, the attacker can provide a valid EK Certificate and EK, which passes verification by the tenant
(or registrar
), while using a compromised AIK, which is stored unprotected outside the TPM and is unrelated to former two. The attacker then deliberately fails the initial activation call to get to know the correct “auth_tag” and then provides it in a subsequent activation call. This results in an agent
which is (incorrectly) registered with a valid EK Certificate, but with a compromised/unrelated AIK.
Patches
Users should upgrade to release 7.5.0
Impact
A security issue was found in the Keylime registrar code which allows an attacker to effectively bypass the challenge-response protocol used to verify that an agent has indeed access to an AIK which in indeed related to the EK.
When an agent starts up, it will contact a registrar and provide a public EK and public AIK, in addition to the EK Certificate. This registrar will then challenge the agent to decrypt a challenge encrypted with the EK.
When receiving the wrong “auth_tag” back from the agent during activation, the registrar answers with an error message that contains the expected correct “auth_tag” (an HMAC which is calculated within the registrar for checking). An attacker could simply record the correct expected “auth_tag” from the HTTP error message and perform the activate call again with the correct expected “auth_tag” for the agent.
The security issue allows an attacker to pass the challenge-response protocol during registration with (almost) arbitrary registration data. In particular, the attacker can provide a valid EK Certificate and EK, which passes verification by the tenant (or registrar), while using a compromised AIK, which is stored unprotected outside the TPM and is unrelated to former two. The attacker then deliberately fails the initial activation call to get to know the correct “auth_tag” and then provides it in a subsequent activation call. This results in an agent which is (incorrectly) registered with a valid EK Certificate, but with a compromised/unrelated AIK.
Patches
Users should upgrade to release 7.5.0
References
- GHSA-f4r5-q63f-gcww
- https://nvd.nist.gov/vuln/detail/CVE-2023-38201
- keylime/keylime@9e5ac9f
- https://access.redhat.com/security/cve/CVE-2023-38201
- https://bugzilla.redhat.com/show_bug.cgi?id=2222693
- https://github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2023-160.yaml
Related news
Red Hat Security Advisory 2023-5080-01 - Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Issues addressed include bypass and denial of service vulnerabilities.
An update for keylime is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38200: A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. * CVE-2023-38201: A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during ag...
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.