Bug 2232218 (CVE-2023-4727) - CVE-2023-4727 dogtag ca: token authentication bypass vulnerability
Summary: CVE-2023-4727 dogtag ca: token authentication bypass vulnerability
Keywords:
Status: POST
Alias: CVE-2023-4727
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Endi Sukma Dewata
QA Contact:
URL:
Whiteboard:
Depends On: 2268351 2232221 2232222 2232223 2232281
Blocks: 2232220
TreeView+ depends on / blocked
 
Reported: 2023-08-15 19:32 UTC by Zack Miele
Modified: 2024-06-27 14:29 UTC (History)
19 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCS-4416 0 None None None 2023-09-07 22:04:29 UTC
Red Hat Product Errata RHSA-2024:4051 0 None None None 2024-06-23 22:46:43 UTC
Red Hat Product Errata RHSA-2024:4164 0 None None None 2024-06-27 14:09:52 UTC
Red Hat Product Errata RHSA-2024:4165 0 None None None 2024-06-27 14:29:19 UTC

Description Zack Miele 2023-08-15 19:32:41 UTC 
The token authentication scheme in Dogtag CA can be bypassed with a Ldap injection.
By passing the query string parameter sessionID=*, an attacker can authenticate with
the existing session saved in Ldap directory server.
Comment 33 Pedro Sampaio 2024-01-05 17:04:57 UTC 
This is ready to unembargo from our side.

Endi, please confirm if your team is able to view the tracker bugs and prepare Erratas?

Thank you.
Comment 51 Endi Sukma Dewata 2024-06-17 23:55:23 UTC 
Fixed upstream:
* master branch: https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388
* v11.5 branch: https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720
Comment 53 errata-xmlrpc 2024-06-23 22:46:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4051 https://access.redhat.com/errata/RHSA-2024:4051
Comment 54 errata-xmlrpc 2024-06-27 14:09:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4164 https://access.redhat.com/errata/RHSA-2024:4164
Comment 55 errata-xmlrpc 2024-06-27 14:29:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4165 https://access.redhat.com/errata/RHSA-2024:4165
Note You need to log in before you can comment on or make changes to this bug.