HashiCorp Vault Enterprise, a renowned tool for securely managing secrets, has been found to be vulnerable to padding oracle attacks when utilizing a Hardware Security Module (HSM) in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. Versions affected include 1.13. up to 1.13.1. This vulnerability, identified as CVE-2023-2197, has been patched in the recent 1.13.2 release.

The vulnerability arises when an attacker, having privileges to modify storage and restart the Vault, intercepts or manipulates the cipher text. By doing so, the attacker could potentially derive Vault's root key. This blog post aims to shed light on the vulnerability details, exploit scenario, and steps to mitigate this issue.

Vulnerability Details

The core reason behind this vulnerability is the improper validation of padding performed by the target HSM when decrypting cipher text that utilizes CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with access to modify storage and restart the Vault might exploit this weakness and compromise data security.

Code Snippet

Consider this sample scenario where an attacker manages to manipulate the cipher text and exploit the padding oracle vulnerability:

# Illustrative pseudocode: start_vault() and exploit_padding_oracle() are
# placeholders for the attacker's actions, not real functions.

# Attacker modifies the cipher text in storage
ciphertext = b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f'
modified_ciphertext = b'\xff' * 16  # Replace ciphertext with all 0xff bytes

# Attacker manages to restart Vault with the modified ciphertext
vault = start_vault(modified_ciphertext)

# Attacker exploits padding oracle attack to derive the Vault's root key
root_key = exploit_padding_oracle(vault, modified_ciphertext)

Mitigation

The good news is that HashiCorp has already fixed this vulnerability in version 1.13.2. To safeguard against this issue, it is highly recommended to update your Vault Enterprise installation to version 1.13.2 or later. You can download the latest version of Vault Enterprise from the official HashiCorp Vault website (https://www.vaultproject.io/downloads/).
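One way to triage a server against the conditions described above, as an added example that is not HashiCorp's code or part of the original post: it reads the `mechanism` setting from a `seal "pkcs11"` stanza and compares the running version with the range given on this page. It assumes one setting per line in the stanza; the sample config and the status names are constructed for illustration.

```python
import re

# PKCS#11 mechanism IDs for the two CBC modes named in the advisory.
CBC_MECHANISMS = {0x1082: "CKM_AES_CBC", 0x1085: "CKM_AES_CBC_PAD"}
FIXED_IN = (1, 13, 2)  # fixed release, as stated on this page

def parse_version(text):
    """Turn 'v1.13.1+ent.hsm' into (1, 13, 1)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def seal_mechanism(config_text):
    """Return (has_pkcs11_seal, mechanism_id_or_None) for a Vault config."""
    stanza = re.search(r'^\s*seal\s+"pkcs11"\s*\{(.*?)^\s*\}', config_text, re.M | re.S)
    if not stanza:
        return False, None
    # Anchoring at line start skips commented-out settings.
    m = re.search(r'^\s*mechanism\s*=\s*"?(0[xX][0-9a-fA-F]+|\d+)"?',
                  stanza.group(1), re.M)
    if not m:
        return True, None
    raw = m.group(1)  # hex ("0x1085") or decimal ("4229")
    return True, int(raw, 16) if raw.lower().startswith("0x") else int(raw)

def assess(version, config_text):
    """Classify one server against the range and mechanisms given on this page."""
    ver = parse_version(version)
    has_seal, mech = seal_mechanism(config_text)
    if not has_seal:
        return "not-applicable"        # no HSM seal configured
    if ver[:2] != (1, 13):
        return "outside-listed-range"  # this page only lists 1.13 releases
    if ver >= FIXED_IN:
        return "patched"
    if mech is None:
        return "review"                # not set in the file; check the effective value
    return "exposed" if mech in CBC_MECHANISMS else "other-mechanism"

# Constructed sample config; the library path and key label are made up.
SAMPLE = '''
seal "pkcs11" {
  lib       = "/opt/hsm/lib/libexample.so"
  key_label = "vault-hsm-key"
  # mechanism = "0x1087"
  mechanism = "0x1085"
}
'''
```

A "review" or "outside-listed-range" result means this page does not settle the question for that server, so check the security bulletin in the references.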

Exploit Scenario

Imagine a scenario where an attacker gains access to an organization's Vault storage and changes the cipher text. Afterward, they manage to restart the Vault and utilize the padding oracle attack to compromise the root key. With access to the root key, the attacker can now retrieve sensitive data without any limitations, causing significant damage to the organization.

Conclusion

This vulnerability reiterates the importance of keeping your software solutions up to date and monitoring access and privileges. Ensuring strict access controls, monitoring for unusual activity, and timely patching of vulnerabilities can help protect your data from potential attacks. In this case, upgrading to HashiCorp Vault Enterprise 1.13.2 should serve as an effective remedy against CVE-2023-2197.

Original References

- HashiCorp Vault Security Bulletin: https://groups.google.com/g/vault-announce/c/QNkaJT_IRI
- CVE Database Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2197

Timeline

Published on: 05/01/2023 20:15:00 UTC
Last modified on: 05/06/2023 03:12:00 UTC