OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-26 16:07:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

async-nats MitM vulnerability (#1661)

Browse Source 
* Create RUSTSEC-0000-0000.md

* Add category

Co-authored-by: Tony Arcieri <bascule@gmail.com>

* Improve title

* Improve the description and reintroduce formatting

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

---------

Co-authored-by: Tony Arcieri <bascule@gmail.com>
This commit is contained in:
Paolo Barbolini
2023-03-24 16:38:47 +01:00
committed by GitHub
parent c48913e44d
commit 6035ece499
1 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
crates/async-nats/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,37 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "async-nats"
date = "2023-03-24"
url = "https://github.com/nats-io/nats.rs/commit/817a7b942c462fa9d9938dcb62124173634132fb#diff-767d442397fcaaf2f83e8f924d4a70317a2ce4703a49964d6007707949cfa5f5L303-R304"
categories = ["crypto-failure"]
keywords = ["tls", "mitm"]
[versions]
patched = [">= 0.29.0"]
```
# TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS.
The common name of the server's TLS certificate is validated against
the `host`name provided by the server's plaintext `INFO` message
during the initial connection setup phase. A MitM proxy can tamper with
the `host` field's value by substituting it with the common name of a
valid certificate it controls, fooling the client into accepting it.
## Reproduction steps
1. The NATS Rust client tries to establish a new connection
2. The connection is intercepted by a MitM proxy
3. The proxy makes a separate connection to the NATS server
4. The NATS server replies with an `INFO` message
5. The proxy reads the `INFO`, alters the `host` JSON field and passes
the tampered `INFO` back to the client
6. The proxy upgrades the client connection to TLS, presenting a certificate issued
by a certificate authority present in the client's keychain.
In the previous step the `host` was set to the common name of said certificate
7. `rustls` accepts the certificate, having verified that the common name matches the
attacker-controlled value it was given
9. The client has been fooled by the MitM proxy into accepting the attacker-controlled certificate