
GMS-2023-409: User data in TPM attestation vulnerable to MITM

February 17, 2023

Impact

Attestation user data (such as the digest of the public key in an aTLS connection) was bound to the issuer’s TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In practice, this meant that a CSP insider with sufficient privileges would have been able to join a node under their control to a Constellation cluster.
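To illustrate the binding flaw the advisory describes, here is an added example (not Constellation's code): a constructed, simplified stand-in for a TPM quote, with the validator that checks a separately signed user-data blob beside the one that requires the user-data digest to sit inside the quoted extra data. The ed25519 key, the `Quote` struct and all sample bytes are assumptions for this example only; real TPM quotes use the TPMS_ATTEST structure and an RSA or ECC attestation key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Quote is a constructed stand-in for a TPM quote: the attestation key (AK)
// signs sha256(PCRDigest || ExtraData). Real TPM quotes use TPMS_ATTEST.
type Quote struct {
	PCRDigest []byte // digest of the PCR values at quote time
	ExtraData []byte // caller-supplied data the TPM folds into the signed blob
	Sig       []byte // AK signature
}
func quoteDigest(pcr, extra []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, pcr...), extra...))
	return h[:]
}
func MakeQuote(ak ed25519.PrivateKey, pcr, extra []byte) Quote {
	return Quote{pcr, extra, ed25519.Sign(ak, quoteDigest(pcr, extra))}
}
// Pre-fix shape: user data carries its own AK signature, so it is bound to the
// TPM but not to the PCR state the quote attests.
func ValidateSeparate(ak ed25519.PublicKey, q Quote, userSig, userData, nonce, wantPCR []byte) bool {
	ud := sha256.Sum256(userData)
	return ed25519.Verify(ak, quoteDigest(q.PCRDigest, q.ExtraData), q.Sig) &&
		bytes.Equal(q.ExtraData, nonce) && bytes.Equal(q.PCRDigest, wantPCR) &&
		ed25519.Verify(ak, ud[:], userSig)
}
// Fixed shape: the user data digest is part of the quoted extra data, so one
// signature covers nonce, user data and PCR state together.
func ValidateBound(ak ed25519.PublicKey, q Quote, userData, nonce, wantPCR []byte) bool {
	ud := sha256.Sum256(userData)
	want := append(append([]byte{}, nonce...), ud[:]...)
	return ed25519.Verify(ak, quoteDigest(q.PCRDigest, q.ExtraData), q.Sig) &&
		bytes.Equal(q.ExtraData, want) && bytes.Equal(q.PCRDigest, wantPCR)
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	nonce, pcr, data := []byte("nonce"), []byte("expected-pcr-state"), []byte("other-key-digest")
	q := MakeQuote(priv, pcr, nonce) // genuine quote of the expected state, nonce only
	ud := sha256.Sum256(data)
	userSig := ed25519.Sign(priv, ud[:]) // user data signed separately, in any PCR state
	fmt.Println(ValidateSeparate(pub, q, userSig, data, nonce, pcr)) // true
	fmt.Println(ValidateBound(pub, q, data, nonce, pcr))             // false
}
```

The first validator accepts any user data the AK ever signed next to a quote of the expected PCR state; the second only accepts user data that was quoted together with that state.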

Patches

The issue has been patched in v2.5.2.

Workarounds

None.

References

  • github.com/advisories/GHSA-r2h5-3hgw-8j34
  • github.com/edgelesssys/constellation/releases/tag/v2.5.2
  • github.com/edgelesssys/constellation/security/advisories/GHSA-r2h5-3hgw-8j34

Affected versions

All versions up to 2.5.1

Fixed versions

  • v2.5.2

Solution

Upgrade to version 2.5.2 or above.

Source file

go/github.com/edgelesssys/constellation/v2/GMS-2023-409.yml

Page generated Wed, 14 May 2025 12:15:07 +0000.