The Keycloak identity and access management system, which supports OAuth and OpenID Connect (OIDC) clients, has been found to contain a serious vulnerability (CVE-2023-2422). This post discusses the details of the flaw, its implications, and potential mitigations.

Overview of the Vulnerability

Due to an improper verification of the client certificate chain, clients possessing valid certificates can authorize themselves as other clients. Consequently, they can access data that was intended for other clients in the Keycloak system.

This flaw specifically affects Keycloak servers that have been configured to support mTLS (Mutual Transport Layer Security) authentication for OAuth/OpenID clients.

Details of the Vulnerability

A client certificate chain's validation process consists of validating that the certificate's root CA (Certificate Authority) is trusted and verifying all the intermediate certificates.

The flaw lies in this verification process. In Keycloak, the intermediate signing certificate used to sign the presented client certificate is not correctly validated against the trusted CA certificate stored in the Keycloak truststore.

Here is the snippet of code that demonstrates the faulty certificate validation in Keycloak:

private boolean isValidCertificate(X509Certificate clientCertificate, 
                                   X509Certificate[] fullClientCertChain, 
                                   KeycloakSession session) {
  // Load the trusted CA certificates
  X509Certificate[] trustedCaCerts = getTrustedCaCerts(session);

  for (X509Certificate cert : fullClientCertChain) {
    // Check if the current certificate is issued by a trusted CA
    if (isTrustedCertificate(cert, trustedCaCerts)) {
      // Check if the client certificate is issued by the current certificate
      try {
        clientCertificate.verify(cert.getPublicKey());
        return true;
      } catch (Exception ex) {
        // Ignore exceptions, continue with the next certificate in the chain
      }
    }
  }

  return false;
}

In the code snippet above, the function isValidCertificate checks the client certificate against the presented certificate chain. The check clientCertificate.verify(cert.getPublicKey()) is performed against every intermediate certificate in the chain, without ensuring that the intermediate certificate itself chains back to the trusted CA. This faulty validation allows an attacker with a valid certificate to impersonate any other client in the system.

References for the Vulnerability

- National Vulnerability Database (NVD): CVE-2023-2422
- Keycloak Project Issue Tracker: KEYCLOAK-237642

Exploit Example

A potential attacker can exploit this vulnerability by crafting a specific client certificate with the following criteria:

1. The client certificate must be signed by a trusted CA or by an intermediate CA that the attacker controls.

2. The client certificate must have a subject that matches the client-id of the target client.

Given the above criteria, the attacker can then use this crafted client certificate to authenticate itself as the intended target client and access its associated resources.

Mitigation Recommendations

To mitigate the flaw, the Keycloak developers have released a patch that properly verifies the client certificate chain against the trusted root CA found in Keycloak's truststore. Keycloak server administrators should apply the patch as soon as possible and ensure that their truststore configurations are updated accordingly.
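As an added illustration of what correct chain validation looks like (this is example code written for this post, not Keycloak's actual patch), the whole presented chain is validated as a path ending at a truststore CA using the JDK's PKIX validator; trustedCas is assumed to hold the CA certificates loaded from the Keycloak truststore, and revocation checking is assumed to be handled elsewhere.

```java
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

// Added example, not Keycloak's own code: validate the presented chain as a whole
// instead of verifying the leaf against each chain member individually.
public final class ClientChainValidator {

    // trustedCas: CA certificates from the Keycloak truststore (assumed input).
    public static boolean isValidChain(X509Certificate[] presentedChain,
                                       Collection<X509Certificate> trustedCas) {
        try {
            // Trust anchors come ONLY from the truststore. Nothing supplied by the
            // client can become an anchor, which is the property the flawed loop
            // did not enforce.
            Set<TrustAnchor> anchors = new HashSet<>();
            for (X509Certificate ca : trustedCas) {
                anchors.add(new TrustAnchor(ca, null));
            }

            // Drop any self-signed root the client appended: the path must end at a
            // trust anchor we already hold, not at a root the client chose.
            List<X509Certificate> path = new ArrayList<>();
            for (X509Certificate cert : presentedChain) {
                if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                    path.add(cert);
                }
            }
            if (path.isEmpty()) {
                return false;
            }

            CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false); // assumption: CRL/OCSP handled elsewhere

            // PKIX validation checks every signature in the path, the BasicConstraints
            // (CA=true) and path-length limits on each intermediate, validity periods,
            // and that the top of the path was issued by one of the anchors.
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
            return true;
        } catch (GeneralSecurityException e) {
            // Any failure (bad signature, untrusted issuer, non-CA intermediate,
            // expired certificate, empty anchor set) rejects the client.
            return false;
        }
    }
}
```

The leaf's subject still has to be matched against the expected client-id after the path validates; this block only establishes that the chain is genuinely rooted in the truststore.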

Furthermore, it is recommended to monitor for any unusual activity or unauthorized access attempts in the system. Regularly reviewing server logs and implementing monitoring for client authentication can help identify potential threats early on.

Conclusion

CVE-2023-2422 is a critical vulnerability in Keycloak servers configured to support mTLS authentication, which allows an attacker with a valid client certificate to impersonate other clients and access their associated resources. Applying the released patch and monitoring for unusual activity can help mitigate the risk of exploitation.

Timeline

Published on: 10/04/2023 11:15:10 UTC
Last modified on: 11/07/2023 04:12:40 UTC