CVE-2020-15720

pki: Dogtag's python client does not validate certificates

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.

En Dogtag PKI versiones hasta 10.8.3, la clase pki.client.PKIConnection no habilitó la comprobación de certificados de peticiones de python. Como el parámetro de verificación estaba embebido en todas las funciones de petición, no fue posible anular la configuración. Como resultado, las herramientas que utilizan esta clase, tal y como el comando pki-server, pueden haber sido vulnerables a ataques de tipo Person-in-the-Middle en determinados casos de uso de un no localhost. Esto es corregido en la versión 10.9.0-b1

A flaw was found in PKI, where the dogtag's pki.client.PKIConnection class disables the python-requests certificate validation. This flaw allows an attacker to intercept a connection between a FreeIPA client and a server, and execute an active Man-in-the-Middle attack. The highest threat from this vulnerability is to confidentiality and integrity.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-07-14 CVE Reserved
2020-07-14 CVE Published
2024-05-18 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-295: Improper Certificate Validation

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1855273	2020-07-23
https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72	2020-07-23
https://github.com/dogtagpki/pki/compare/v10.9.0-a2...v10.9.0-b1	2020-07-23

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-15720	2020-11-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dogtagpki Search vendor "Dogtagpki"		Dogtagpki Search vendor "Dogtagpki" for product "Dogtagpki"				<= 10.8.3 Search vendor "Dogtagpki" for product "Dogtagpki" and version " <= 10.8.3"		-		Affected