Authentication Bypass by Spoofing
CVE-2021-43310
Summary
A vulnerability in "keylime" before 6.3.0 allows an attacker to craft a request to the agent that resets the "U" and "V" keys as if the agent were being re-added to a verifier. As part of this request, new "revocation" and "attestation" actions can be added, and depending on how the client is configured, this could lead to Remote Code Execution. NOTE: The affected versions of this package are not available in a package manager we support.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.