#VU80467 Improper Authentication in keylime - CVE-2023-38201

Cybersecurity Help s.r.o.

Published: 2023-09-05

Vulnerability identifier: #VU80467

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38201

CWE-ID: CWE-287

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
keylime
Server applications / Other server solutions

Vendor: Keylime

Description

The vulnerability allows a local user to bypass authentication.

The vulnerability exists due to an error in the challenge-response protocol implementation during agent registration. A local user can impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

keylime: 2.0 - 7.4.0

External links
https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww
https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a
https://bugzilla.redhat.com/show_bug.cgi?id=2222693

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Fedora 38 update for keylime

Red Hat Enterprise Linux 9 update for keylime

SUSE update for keylime

Improper authentication in Keylime