EJBCA Security Advisory: EJBCA standalone CMP CLI client

Issue Summary

The standalone CMP CLI client bundled with EJBCA is not compliant with the security requirements stated in RFC 4211. CMP offers two options for message integrity and authentication: password-based MAC and certificate-based protection. RFC 4211 section 4.4 requires that the password-based MAC parameters use a salt with a random value of at least 8 octets, which helps to inhibit dictionary attacks. Because the standalone CMP client was originally developed as test code, its salt was instead hard-coded and only 6 octets long.

This only affects the standalone CMP CLI client and not EJBCA's server-side CMP implementation.
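
The following sketch of the password-based MAC computation from RFC 4211 section 4.4, with a check that flags salts that are too short or repeated across messages, is an added example and not code from EJBCA or Keyfactor. SHA-256 for both the one-way function and the HMAC is an assumption, as are all function names and the constructed sample salts.

```python
import hashlib
import hmac
import os

MIN_SALT_OCTETS = 8  # minimum salt length the advisory cites from RFC 4211 section 4.4


def pbm_base_key(password: bytes, salt: bytes, iterations: int, owf: str = "sha256") -> bytes:
    """K = OWF(password || salt), then K = OWF(K) until `iterations` rounds are done."""
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    key = password + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return key


def pbm_protect(password: bytes, salt: bytes, iterations: int, protected_part: bytes,
                owf: str = "sha256") -> bytes:
    """HMAC over the protected part (DER-encoded header and body in a real message)."""
    return hmac.new(pbm_base_key(password, salt, iterations, owf), protected_part, owf).digest()


def new_pbm_salt(length: int = 16) -> bytes:
    """Fresh random salt, generated once per outgoing message."""
    if length < MIN_SALT_OCTETS:
        raise ValueError("salt must be at least 8 octets")
    return os.urandom(length)


def audit_pbm_salts(salts: list[bytes]) -> list[tuple[int, str]]:
    """Flag short or repeated salts in the PBM parameters of a message series."""
    findings, seen = [], set()
    for index, salt in enumerate(salts):
        if len(salt) < MIN_SALT_OCTETS:
            findings.append((index, "salt shorter than 8 octets"))
        if salt in seen:
            findings.append((index, "salt reused from an earlier message"))
        seen.add(salt)
    return findings


if __name__ == "__main__":
    fixed = bytes(6)  # constructed 6-octet placeholder, not the value from the client
    print(audit_pbm_salts([fixed, fixed]))  # short salt on both, reuse on the second
    print(audit_pbm_salts([new_pbm_salt(), new_pbm_salt()]))  # compliant salts
    # With a constant salt the derived key is identical for every message.
    print(pbm_base_key(b"example", fixed, 1000) == pbm_base_key(b"example", fixed, 1000))
```

With a constant salt, every message protected with the same password uses the same MAC key; a fresh random salt per message gives each message its own key.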

 

Who is potentially affected

Any customer using the EJBCA standalone CMP CLI in production, re-using a dictionary-based password for authentication of multiple messages, over a non-secure connection, may be affected.

 

Who is not affected

Any customer who is not using the EJBCA standalone CMP CLI, or who is using it with a strong password and/or over a secure connection.

 

Severity

Keyfactor deems the impact medium, given that only a poorly chosen password is at risk, and the probability low, as such an attack requires the ability to capture CMP messages in transit.

Risk Assessment

Given a poorly chosen (dictionary-word) password, the confidentiality of passwords used by the client for CMP password-based authentication may be compromised.

 

Vulnerability Vectors

An attacker would need the ability to capture CMP messages in transit – this would in essence require an already established man-in-the-middle situation.

How to check if you are affected

  • If the EJBCA CMP client is not being used in production, you are not affected.
  • If the network connection between the CMP client and EJBCA is considered secure, then you are not affected.
  • If the CMP alias on the server side is using client mode and enforcing one-time passwords, you are not affected.
  • If CMP is not using password-based authentication, you are not affected.
  • If the CMP password is not a dictionary word, you are not affected.

 

Mitigations

  • Verify that only intended certificates have been issued by that RA.
  • If you are using a weak or dictionary-based CMP password, change it immediately to a strong password.
  • Upgrade to EJBCA 8.3.1 or higher.