Skip to content

User data in TPM attestation vulnerable to MITM

High
derpsteb published GHSA-r2h5-3hgw-8j34 Feb 17, 2023

Package

gomod constellation (Go)

Affected versions

<= 2.5.1

Patched versions

2.5.2

Description

Impact

Attestation user data (such as the digest of the public key in an aTLS connection) was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In practice, this meant that a CSP insider with sufficient privileges would have been able to join a node under their control to a Constellation cluster.

Patches

The issue has been patched in v2.5.2.

Workarounds

none

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs