oss-security - CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS() via gRPC-gateway

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Mon, 14 Jan 2019 14:43:58 +1100
From: Paul Harvey <pharvey@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-16886 etcd: Improper Authentication in auth/store.go:AuthInfoFromTLS()
 via gRPC-gateway

Hello,

etcd versions 3.2.0 through 3.3.10 are vulnerable to an improper
authentication issue when role-based access control (RBAC) is used and
client-cert-auth is enabled. If an etcd client server TLS certificate
contains a Common Name (CN) which matches a valid RBAC username, a
remote attacker may authenticate as that user with any valid (trusted)
client certificate in a REST API request to the gRPC-gateway.

Upstream issue:
https://github.com/etcd-io/etcd/pull/10366

Upstream changelog:
https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication
https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication

This issue was reported by Matt Wheeler (Osirium)

-- 
Paul Harvey / Red Hat Product Security

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.