vulnrichment
HashiCorp
VULNRICHMENT:CVE-2024-1052
History: Feb 05, 2024 - 8:43 p.m.

CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering

2024-02-05 20:43:53
CWE-295
HashiCorp
github.com
5
cve-2024-1052
boundary
session hijacking
tls certificate tampering
enumeration
private key
trust on first use (tofu)

CVSS3: 8
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score: 6.9
Confidence: Low

SSVC
Exploitation: none
Automatable: no
Technical Impact: total

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*"
    ],
    "vendor": "hashicorp",
    "product": "boundary",
    "versions": [
      {
        "status": "affected",
        "version": "0.8.0",
        "lessThan": "0.15.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*"
    ],
    "vendor": "hashicorp",
    "product": "boundary_enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "0.8.0",
        "lessThan": "0.15.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]
