2339091 – (CVE-2024-2048) CVE-2024-2048 hashicorp/vault: Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates

Bug 2339091 (CVE-2024-2048) - CVE-2024-2048 hashicorp/vault: Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates

Summary: CVE-2024-2048 hashicorp/vault: Vault Cert Auth Method Did Not Correctly Valid...

Keywords:
Status:	NEW
Alias:	CVE-2024-2048
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-01-21 08:57 UTC by OSIDB Bzimport
Modified:	2025-01-27 16:02 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-01-21 08:57:24 UTC

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

Comment 3 Marco Benatto 2025-01-27 16:02:18 UTC

There we an error on the way vault was validating the OCSP for non-CA TLS certificates. Although the signature was properly validated if there were any error regarding the certificate the OCSP response object were kept around and sent up through the stack. This ends up causing vault to eventually ignore such errors in certain conditions, allowing crafted certificates to be accepted as a valid login method.

Commit: https://github.com/hashicorp/vault/pull/26091/commits/6347d0a2e5e2a3d417ee1369618ec72b127ecfba

Note You need to log in before you can comment on or make changes to this bug.