CVE-2020-28942 Information

Description

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA’s domain security model the peer connector allows the restriction of client certificates (for the RA not the end user) to a limited set of allowed CAs thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP it was found that the EJBCA enrollment over an EST implementation bypasses this check allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

https://support.primekey.com/news/posts/40

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3