Novell iChain Mutual Authentication Certificate Remote Authentication Bypass Vulnerability
BID:12378
Info
| Bugtraq ID: | 12378 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2005 12:00AM |
| Updated: | Jan 26 2005 12:00AM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue. |
| Vulnerable: | Novell iChain Server 2.3, Novell iChain Server 2.2 SP3, Novell iChain Server 2.2 SP2, Novell iChain Server 2.2 |
| Not Vulnerable: | |
Discussion
A remote authentication bypass vulnerability affects Novell iChain. This issue is due to a failure of the application to properly implement security policies.
This issue is present only if auto-created SSL certificates are used, internally signed certificates are used, or externally signed SSL certificates are used while the affected appliance has imported the ICS_TREE Selfsigned Certificate into iChain's TrustedRoot Store, while certificate mapping matches an internal user. An attacker can achieve certificate matching with only an internal user's email address.
A remote attacker may leverage this issue to bypass iChain identity-based authentication, granting them access to any protected network resources.
Exploit / POC
No exploit is required to leverage this issue.
Solution / Fix
Solution:
Novell has released Technical Information Document 10096315 dealing with this issue. They have provided a workaround for this issue:
When setting up iChain for mutual authentication, make sure the following processes are in place:
- Create externally signed certificates for any accelerator using mutual authentication. These externally signed certificates include certificates generated by other Novell CAs in your network.
- Never import the ICS_TREE CA Selfsigned Certificate to iChain's Trusted Root store.
References
References:
- iChain Homepage (Novell)
- TID10096315 - Invalid user authenticates to iChain (Novell)