
EJBCA Security Advisory - CMP Revocation Ignores Multi Tenancy Constraints - News / PrimeKey Announcements - PrimeKey Support

Aug 16 2021

EJBCA Security Advisory - CMP Revocation Ignores Multi Tenancy Constraints


Dear Customers and Partners,

PrimeKey has released an update to address a vulnerability in EJBCA found as a part of our internal testing.

As part of PrimeKey's new policy, we will submit this issue publicly as a CVE two weeks after alerting customers.

Issue Summary

CMP RA mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is also used to authenticate revocation requests. While enrollment enforces multi-tenancy constraints (by verifying that the client certificate has access to the CA and the profiles being enrolled against), this check was not performed when authenticating revocation operations, allowing a known tenant to revoke a certificate belonging to another tenant.

Who is potentially affected

You may be affected if you are running CMP with RA mode enabled with multiple tenants.

Severity

PrimeKey rates the issue as having medium impact and low probability.

Risk Assessment

Impact is medium as it would allow a trusted tenant to perform Denial-of-Service attacks on other tenants. Probability is low as this tenant already needs to be a trusted party.

Vulnerability

You may be affected if you are using CMP in RA mode and hosting multiple tenants.

How to check if you are affected

Verify with your tenants that no unplanned revocations have taken place.
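As an added illustration, not EJBCA code, the following Python sketch models the tenant scope check described in the Issue Summary, places the pre-fix revocation behaviour beside the corrected one, and runs the "unplanned revocation" check above over a constructed audit log. The tenant map, RA subject DNs, CA and profile names, and the log line format are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed tenant policy (assumption): which CAs and end-entity profiles
# each RA client certificate, identified by its subject DN, may act against.
TENANT_POLICY = {
    "CN=RA-TenantA": {"cas": {"TenantA-CA"}, "profiles": {"TenantA-EE"}},
    "CN=RA-TenantB": {"cas": {"TenantB-CA"}, "profiles": {"TenantB-EE"}},
}


@dataclass(frozen=True)
class CmpRequest:
    ra_client: str   # subject DN of the authenticating RA client certificate
    operation: str   # "ir" = initialisation (enrollment), "rr" = revocation
    ca: str          # CA that issued (or will issue) the target certificate
    profile: str     # end-entity profile of the target certificate


def authorized(req: CmpRequest, policy=TENANT_POLICY) -> bool:
    """Multi-tenancy check applied to every operation, enroll and revoke alike."""
    scope = policy.get(req.ra_client)
    if scope is None:
        return False                     # unknown RA client: neither tenant
    return req.ca in scope["cas"] and req.profile in scope["profiles"]


def vulnerable_authorized(req: CmpRequest, policy=TENANT_POLICY) -> bool:
    """Pre-fix behaviour as the advisory describes it: the tenant constraint is
    enforced on enrollment only, so a known RA client is merely authenticated
    (not authorized against CA/profile) on the revocation path."""
    if req.operation == "rr":
        return req.ra_client in policy
    return authorized(req, policy)


# Constructed audit lines (assumption): "<ra_client>;<op>;<ca>;<profile>;<serial>"
AUDIT_LOG = """\
CN=RA-TenantA;rr;TenantA-CA;TenantA-EE;1A2B
CN=RA-TenantB;rr;TenantA-CA;TenantA-EE;3C4D
CN=RA-TenantB;ir;TenantB-CA;TenantB-EE;5E6F
"""


def cross_tenant_revocations(log: str, policy=TENANT_POLICY) -> list:
    """Serials of revocations issued by an RA client outside its own tenant scope."""
    found = []
    for line in log.splitlines():
        ra, op, ca, profile, serial = line.split(";")
        if op == "rr" and not authorized(CmpRequest(ra, op, ca, profile), policy):
            found.append(serial)
    return found
```

Running the audit over real RA-mode revocation records is one way to confirm with each tenant that only revocations within its own CA and profile scope occurred.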

Fixes

A software update has been released in EJBCA Enterprise 7.6.0.

For more information, see the release notes included in the documentation for this release.

EJBCA 7.6.0 is included in Appliance version 3.8.0 and EJBCA Cloud y.y.

If you have any questions, please contact support.

Contact us:

support@primekey.com

Global support number: +1 251 317 6984