Описание
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- Patch
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
EPSS
6.5 Medium
CVSS3