Bug 2339091 (CVE-2024-2048)
| Field | Value |
|---|---|
| Summary | CVE-2024-2048 hashicorp/vault: Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | NEW |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | |
| Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found in Vault and Vault Enterprise's TLS certificate authentication method. This vulnerability allows an attacker to bypass authentication via a crafted malicious certificate when a non-CA certificate is used as a trusted certificate. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Reporter | OSIDB Bzimport <bzimport> |
| Assignee | Product Security DevOps Team <prodsec-dev> |
| QA Contact | |
| Docs Contact | |
| CC | amctagga, bkabrda, brainfor, caswilli, iblazevi, kaycoth, lball, ldai, lsharar, lucarval, ngough, veshanka |
| Keywords | Security |
Description
OSIDB Bzimport
2025-01-21 08:57:24 UTC
There was an error in the way Vault validated OCSP responses for non-CA TLS certificates. Although the OCSP response signature was validated correctly, if any error arose concerning the certificate, the OCSP response object was still kept and passed up through the stack. Under certain conditions this caused Vault to eventually ignore such errors, allowing crafted certificates to be accepted as a valid login. Commit: https://github.com/hashicorp/vault/pull/26091/commits/6347d0a2e5e2a3d417ee1369618ec72b127ecfba
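The following Go program is an added illustration of the error-handling shape the description points at; it is not code from Vault or from the linked commit. It models a validator that returns the OCSP response object together with an error, and a caller several layers up that keeps any non-nil response and only consults the accumulated errors when it has none. Every name here (`ocspResponse`, `validateLeaky`, `validateStrict`, `certIsGood`, `demo`) is a hypothetical stand-in, the "error regarding the certificate" is modelled as a serial-number mismatch chosen for the example, and the leaf certificate is generated in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ocspResponse is a constructed stand-in for a parsed OCSP response whose
// signature has already been verified. Only the fields this example needs.
type ocspResponse struct {
	SerialNumber *big.Int
	Good         bool
}

// validateLeaky checks that the (already signature-verified) response refers
// to the presented certificate. On mismatch it returns the response together
// with the error: the shape the bug report describes for the pre-fix code.
func validateLeaky(resp *ocspResponse, presented *x509.Certificate) (*ocspResponse, error) {
	if resp.SerialNumber.Cmp(presented.SerialNumber) != 0 {
		return resp, errors.New("ocsp response does not refer to the presented certificate")
	}
	return resp, nil
}

// validateStrict is the hardened form: a failed certificate check yields no
// response object at all, so no caller can use it by mistake.
func validateStrict(resp *ocspResponse, presented *x509.Certificate) (*ocspResponse, error) {
	if resp.SerialNumber.Cmp(presented.SerialNumber) != 0 {
		return nil, errors.New("ocsp response does not refer to the presented certificate")
	}
	return resp, nil
}

// certIsGood models a hypothetical caller that queries several responders and
// tolerates individual failures: it keeps the first non-nil response and only
// looks at the collected errors if it ends up with none. Combined with
// validateLeaky, that tolerance turns a mismatched response into a login.
func certIsGood(responses []*ocspResponse, presented *x509.Certificate,
	validate func(*ocspResponse, *x509.Certificate) (*ocspResponse, error)) (bool, error) {
	var errs []error
	for _, r := range responses {
		checked, err := validate(r, presented)
		if err != nil {
			errs = append(errs, err)
		}
		if checked != nil { // error dropped whenever a response object survived
			return checked.Good, nil
		}
	}
	if len(errs) > 0 {
		return false, errs[0]
	}
	return false, errors.New("no ocsp response obtained")
}

// newSelfSignedLeaf creates a self-signed non-CA certificate (BasicConstraints
// present, IsCA false), the kind of trusted certificate the advisory concerns.
func newSelfSignedLeaf(cn string, serial int64) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// demo presents a leaf certificate against a "good" response that was issued
// for a different serial number and returns whether the leaky and the strict
// pipelines accept it.
func demo() (leakyAccepts, strictAccepts bool, err error) {
	presented, err := newSelfSignedLeaf("client", 1001)
	if err != nil {
		return false, false, err
	}
	// constructed: a signed, status-good response for some other certificate
	forOther := &ocspResponse{SerialNumber: big.NewInt(2002), Good: true}
	leakyAccepts, _ = certIsGood([]*ocspResponse{forOther}, presented, validateLeaky)
	strictAccepts, _ = certIsGood([]*ocspResponse{forOther}, presented, validateStrict)
	return leakyAccepts, strictAccepts, nil
}

func main() {
	leaky, strict, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("leaky pipeline accepts: %v, strict pipeline accepts: %v\n", leaky, strict)
}
```

The design point for review: a validation routine that returns a usable object alongside a non-nil error invites exactly this failure, because every caller up the stack must then remember to check the error before the object, and any one fail-open or "first response wins" layer breaks the chain. Returning `nil, err` on every failed check removes that dependency.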