Issue Summary
The standalone CMP CLI client bundled with EJBCA is not compliant with the security requirements stated in RFC 4211. CMP offers two options for message integrity and authentication: a password-based MAC and certificate-based protection. RFC 4211 section 4.4 requires that the password-based MAC parameters use a salt with a random value of at least 8 octets, which helps to inhibit dictionary attacks. Because the standalone CMP client was originally developed as test code, its salt was instead hard-coded and only 6 octets long.
This only affects the standalone CMP CLI client and not EJBCA's server-side CMP implementation.
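Added example, not EJBCA's or Keyfactor's code: the RFC 4211 password-based MAC key derivation with a fresh random salt per message, plus a check that flags salts shorter than 8 octets or reused across messages. The function names, the SHA-256/HMAC-SHA256 choice, the 1000-iteration count, the 16-octet default and the sample values are assumptions.

```python
import hashlib
import hmac
import os

MIN_SALT_OCTETS = 8  # minimum the advisory cites from RFC 4211 section 4.4


def new_pbm_salt(length=16):
    """Fresh random salt for one protected message (16 is an assumed default)."""
    if length < MIN_SALT_OCTETS:
        raise ValueError("salt must be at least 8 octets")
    return os.urandom(length)


def pbm_key(password, salt, iterations=1000, owf="sha256"):
    """RFC 4211 PBM key: the OWF applied `iterations` times to password || salt."""
    key = password + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return key


def pbm_mac(password, salt, protected_part, iterations=1000):
    """HMAC-SHA256 (assumed MAC algorithm) over the protected message part."""
    key = pbm_key(password, salt, iterations)
    return hmac.new(key, protected_part, hashlib.sha256).digest()


def audit_salts(salts):
    """Flag salts, in message order, that are too short or already seen."""
    findings, seen = [], set()
    for index, salt in enumerate(salts):
        if len(salt) < MIN_SALT_OCTETS:
            findings.append((index, "short"))
        if salt in seen:
            findings.append((index, "reused"))
        seen.add(salt)
    return findings


# Constructed sample values, not taken from EJBCA.
FIXED_SALT = b"abcdef"  # 6 octets, stands in for a hard-coded salt
PASSWORD = b"constructed-secret"

if __name__ == "__main__":
    # A fixed salt keys every message identically; a random salt does not.
    print(pbm_key(PASSWORD, FIXED_SALT) == pbm_key(PASSWORD, FIXED_SALT))
    print(pbm_key(PASSWORD, new_pbm_salt()) != pbm_key(PASSWORD, new_pbm_salt()))
    print(audit_salts([FIXED_SALT, FIXED_SALT, new_pbm_salt()]))
```

With the fixed salt the derived key is the same for every message protected with a given password, which is the property a per-message random salt removes.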
Who is potentially affected
Any customer using the EJBCA standalone CMP CLI in production, re-using a dictionary-based password for authentication of multiple messages, over a non-secure connection, may be affected.
Who is not affected
Any customer who is not using the EJBCA standalone CMP CLI, or who is using it with a strong password and/or over a secure connection.
Severity
Keyfactor deems the impact medium, given that it depends on a poorly chosen password, and the probability low, as such an attack requires the ability to capture CMP messages in transit.
Risk Assessment
Given a poorly chosen (dictionary-word) password, the confidentiality of passwords used for CMP password-based authentication sent by the client may be compromised.
Vulnerability Vectors
An attacker would need the ability to capture CMP messages in transit – this would in essence require an already established man-in-the-middle situation.
How to check if you are affected
- If the EJBCA CMP client is not being used in production, you are not affected.
- If the network connection between the CMP client and EJBCA is considered secure, then you are not affected.
- If the CMP alias on the server side is using client mode and enforcing one-time password, you are not affected.
- If CMP is not using password-based authentication, you are not affected.
- If the CMP password is not a dictionary word, you are not affected.
Mitigations
- Verify that only intended certificates have been issued by that RA.
- If you are using a weak or dictionary-based CMP password, change it immediately to a strong password.
- Upgrade to EJBCA 8.3.1 or higher.