MitM attack in OpenSSL when using raw public keys



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-12797
CWE-ID CWE-287
Exploitation vector Network
Public exploit N/A
Vulnerable software
 OpenSSL
Server applications / Encryption software

Vendor OpenSSL Software Foundation

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper authentication

EUVDB-ID: #VU103771

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-12797

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error when using RFC7250 Raw Public Keys (RPKs) to authenticate a server. TLS and DTLS connections using raw public keys are vulnerable to man-in-middle attacks when server authentication failure is not detected by clients.

Note, the vulnerability can be exploited only when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenSSL: 3.0.0 - 3.4.0

CPE2.3 External links

https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
https://openssl-library.org/news/secadv/20250211.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###