Vulnerability Database

318,638

Total vulnerabilities in the database

User data in TPM attestation vulnerable to MITM

Impact

Attestation user data (such as the digest of the public key in an aTLS connection) was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In practice, this meant that a CSP insider with sufficient privileges would have been able to join a node under their control to a Constellation cluster.

Patches

The issue has been patched in v2.5.2.

Workarounds

none

Published: Feb 17, 2023
Updated: Apr 14, 2023
GHSA: GHSA-r2h5-3hgw-8j34
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
github.com/edgelesssys/constellation/v2	-	2.5.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo