
EJBCA security advisory: EJBCA standalone CMP CLI client


Issue summary

The standalone CMP CLI client bundled with EJBCA is not compliant with the security requirements stated in RFC 4211. CMP offers two options for message integrity and authentication: password-based MAC and certificate-based protection. RFC 4211 section 4.4 requires that the password-based MAC parameters use a salt with a random value of at least eight octets, which helps to inhibit dictionary attacks. Because the standalone CMP client was originally developed as test code, its salt was instead hard-coded and only six octets long.

This only affects the standalone CMP CLI client and not EJBCA's server-side CMP implementation.
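The salt requirement described above, as an added Python example that is not EJBCA or Keyfactor code: it derives the password-based MAC key the way RFC 4211 section 4.4 describes and audits a list of salts for the two defects named in this advisory (too short, not random per message). It assumes the salts have already been extracted from the PBM parameters of the client's messages; the function names, SHA-256, the iteration count and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

MIN_SALT_OCTETS = 8  # minimum salt length the advisory cites from RFC 4211 section 4.4

def new_pbm_salt(length=16):
    """Fresh random salt for one message (16 octets is an assumed default)."""
    if length < MIN_SALT_OCTETS:
        raise ValueError("salt shorter than the RFC 4211 minimum")
    return secrets.token_bytes(length)

def pbm_key(password, salt, iterations, owf="sha256"):
    """RFC 4211 PBM key: hash (password || salt), then re-hash the output."""
    key = password + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return key

def pbm_mac(password, salt, iterations, message, owf="sha256"):
    """HMAC over the protected message bytes, keyed with the derived key."""
    return hmac.new(pbm_key(password, salt, iterations, owf), message, owf).digest()

def audit_salts(salts):
    """Flag salts that are too short or that appear in more than one message."""
    findings = []
    for salt, seen in Counter(salts).items():
        if len(salt) < MIN_SALT_OCTETS:
            findings.append(("short", salt.hex(), len(salt)))
        if seen > 1:
            findings.append(("reused", salt.hex(), seen))
    return findings

# Constructed sample values, not taken from EJBCA or from any real deployment.
FIXED_SALT = bytes.fromhex("010203040506")   # six octets, same in every message
PASSWORD = b"constructed-shared-secret"
ITERATIONS = 1000                            # assumed iteration count

if __name__ == "__main__":
    print(audit_salts([FIXED_SALT] * 3 + [new_pbm_salt(), new_pbm_salt()]))
    # A fixed salt gives every message the same MAC key; fresh salts do not.
    print(pbm_key(PASSWORD, FIXED_SALT, ITERATIONS).hex())
    print(pbm_key(PASSWORD, new_pbm_salt(), ITERATIONS).hex())
```

With a fixed salt, every message protected with the same password uses the same MAC key, so the salt no longer makes each message's key derivation distinct; a fresh salt per message restores that property.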

Who is potentially affected

Any customer using the EJBCA standalone CMP CLI in production, re-using a dictionary-based password for authentication of multiple messages, over a non-secure connection, may be affected.

Who is not affected

Any customer not using the EJBCA standalone CMP CLI, or using it with a strong password and/or over a secure connection.

Severity

Keyfactor deems the impact medium, given that only a poorly chosen password is at risk, and the probability low, as such an attack requires the ability to capture CMP messages in transit.

Risk assessment

Given a poorly chosen (dictionary-word) password, the confidentiality of passwords used for CMP password-based authentication and sent by the client may be compromised.

Vulnerability vectors

An attacker would need the ability to capture CMP messages in transit. This would in essence require an already established man-in-the-middle situation.

How to check if you are affected

You are NOT affected if:

  • The EJBCA CMP client is not being used in production
  • The network connection between the CMP client and EJBCA is considered secure
  • The CMP alias on the server side is using client mode and enforcing one-time password
  • CMP is not using password-based authentication
  • The CMP password is not a dictionary word

Mitigations

  • Verify that only intended certificates have been issued by that RA.
  • If you are using a weak or dictionary-based CMP password, change it immediately to a strong password.
  • Upgrade to EJBCA 8.3.1 or higher.
