Bugzilla – Bug 1193999
AUDIT-FIND: keylime: Key Exchange and Bootstrap Protocol Susceptible to Replay Attacks
Last modified: 2022-01-28 11:02:29 UTC
This is to keep track of the keylime review report issue 2.d: Authentic payloads being passed from the tenant to the agent should be reasonably safe from attackers (when not considering issue c)), since the two halves of the symmetric key are encrypted using the per-agent node RSA public key. The bootstrap protocol seems to be susceptible to certain replay attacks, however. Since the interface does not employ transport security, the bootstrap protocol can simply be recorded and replayed to activate an authentic configuration payload. This could, e.g., be used by an attacker to activate an outdated or even insecure older configuration of the agent node.
I didn't practically reproduce this finding, but from the theory it looks like a valid concern. Should it not apply after all, we can still close the bug.
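As an added illustration (not keylime's code and not the upstream fix), the following minimal model shows the freshness check that the finding above is missing: the agent issues a one-time nonce, the tenant binds its key half to it, and a recorded message is rejected when replayed. The RSA encryption of the key halves is abstracted away, and the `Agent` class and `tenant_bootstrap` helper are assumed names.

```python
"""Constructed model of replay protection for a tenant -> agent bootstrap.
Payloads are plain dicts here; in the real protocol they would be encrypted
to the agent's RSA public key, which alone does not prevent replay."""
import secrets
import time


class Agent:
    def __init__(self, nonce_ttl=60.0):
        self.nonce_ttl = nonce_ttl   # seconds a challenge stays valid
        self.pending = {}            # nonce -> time it was issued
        self.consumed = set()        # nonces already used once
        self.key_halves = {}         # accepted key material, keyed by nonce

    def issue_nonce(self, now=None):
        """Challenge sent to the tenant before it may deliver a key half."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = now
        return nonce

    def accept_bootstrap(self, msg, now=None):
        """Accept a bootstrap message only if its nonce is fresh and unused."""
        now = time.time() if now is None else now
        nonce = msg.get("nonce")
        if nonce in self.consumed:
            return "rejected: replayed nonce"
        issued = self.pending.pop(nonce, None)
        if issued is None:
            return "rejected: unknown nonce"
        if now - issued > self.nonce_ttl:
            return "rejected: stale nonce"
        self.consumed.add(nonce)
        self.key_halves[nonce] = msg["key_half"]
        return "accepted"


def tenant_bootstrap(nonce, key_half):
    # The tenant binds its key half to the agent's challenge so that the
    # message is only meaningful for this one exchange.
    return {"nonce": nonce, "key_half": key_half}


def demo():
    agent = Agent()
    nonce = agent.issue_nonce(now=1000.0)
    msg = tenant_bootstrap(nonce, b"half-A")
    first = agent.accept_bootstrap(msg, now=1001.0)
    replay = agent.accept_bootstrap(msg, now=1002.0)     # same recording again
    old = agent.issue_nonce(now=2000.0)
    stale = agent.accept_bootstrap(tenant_bootstrap(old, b"half-B"), now=2100.0)
    unknown = agent.accept_bootstrap(tenant_bootstrap("0000", b"half-C"), now=2000.0)
    return first, replay, stale, unknown
```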
Upstream decided not to assign a dedicated CVE for the replay attack aspect. The bugfix is the same as for the arbitrary code execution depicted in bug 1193998. Formally it could have been suitable for a separate CVE but I guess it's okay to simplify the administration of all this a bit. Therefore I'm closing this bug as INVALID.
The issue is public now, same as in bug 1193998.
This one we can close right away since it didn't receive a CVE.