Skip to content

Contrast's unauthenticated recovery allows Coordinator impersonation

High severity GitHub Reviewed Published Feb 5, 2025 in edgelesssys/contrast • Updated Feb 5, 2025

Package

gomod github.com/edgelesssys/contrast (Go)

Affected versions

<= 1.4.0

Patched versions

1.4.1

Description

Impact

Recovering coordinators do not verify the seed provided by the recovering party. This allows an attacker to set up a coordinator with a manifest that passes validation, but with a secret seed controlled by the attacker.

If network traffic is redirected from the legitimate coordinator to the attacker's coordinator, a workload owner is susceptible to impersonation if either

  • they set a new manifest and don't compare the root CA cert with the existing one (this is the default of the contrast CLI) or
  • they verify the coordinator and don't compare the root CA cert with a trusted reference.

Under these circumstances, the attacker can:

  • Issue certificates that chain back to the attacker coordinator's root CA.
  • Recover arbitrary workload secrets of workloads deployed after the attack.

This issue does not affect the following:

  • secrets of the legitimate coordinator (seed, workload secrets, CA)
  • integrity of workloads, even when used with the rogue coordinator
  • certificates chaining back to the mesh CA

Patches

This issue is patched in Contrast v1.4.1.

Workarounds

The issue can be avoided by verifying the coordinator root CA cert against expectations.

  • At the first set call, keep a copy of the CA cert returned by the coordinator.
  • After subsequent set or verify calls, compare the returned CA cert with the backup copy. If it matches bit-for-bit, the coordinator is legitimate.

References

@burgerdev burgerdev published to edgelesssys/contrast Feb 5, 2025
Published to the GitHub Advisory Database Feb 5, 2025
Reviewed Feb 5, 2025
Last updated Feb 5, 2025

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-vqv5-385r-2hf8

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.