The vulnerability stems from a flaw in cryptsetup (prior to v2.8.1): it does not validate the cryptographic integrity of LUKS2 volume headers. An attacker can craft a malicious LUKS2 volume whose keyslots use the `cipher_null-ecb` algorithm, a null cipher that provides no encryption at all. When the Contrast Initializer, which manages secure persistent volumes for a pod VM, opens this device with the provided secret seed, the cryptsetup command succeeds without error, because the null cipher lets any passphrase "decrypt" the keyslot. The system therefore mistakenly believes the volume is securely encrypted with the correct key and proceeds to write sensitive data to it. In reality, the volume is either entirely unencrypted or encrypted with a key known to the attacker, since the volume key derived from the keyslot is not properly secured; the intended cryptographic protection is completely bypassed.
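The pre-open check a defender would want in front of `cryptsetup open`, written here as an added example (not Contrast's or cryptsetup's own code): it parses the LUKS2 binary header and its JSON metadata area and refuses to open any volume whose keyslot area or data segment uses a null cipher. The two headers it inspects are constructed inside the block, not taken from a real device.

```python
import json
import struct

LUKS2_MAGIC = b"LUKS\xba\xbe"
BIN_HDR_SIZE = 4096  # binary header; the JSON metadata area follows it
NULL_CIPHERS = {"cipher_null", "null"}  # ciphers that provide no confidentiality


def parse_luks2_json(header: bytes) -> dict:
    """Decode the JSON metadata area from the start of a LUKS2 header."""
    if header[:6] != LUKS2_MAGIC:
        raise ValueError("not a LUKS header")
    version, hdr_size = struct.unpack(">HQ", header[6:16])  # version u16, hdr_size u64, big-endian
    if version != 2:
        raise ValueError(f"unsupported LUKS version {version}")
    if hdr_size <= BIN_HDR_SIZE or hdr_size > len(header):
        raise ValueError("malformed or truncated header")
    return json.loads(header[BIN_HDR_SIZE:hdr_size].rstrip(b"\x00"))


def null_cipher_uses(meta: dict) -> list:
    """List every keyslot area or data segment whose cipher is a null cipher."""
    hits = []
    for sid, slot in meta.get("keyslots", {}).items():
        enc = slot.get("area", {}).get("encryption", "")
        if enc.split("-")[0] in NULL_CIPHERS:
            hits.append(f"keyslot {sid}: {enc}")
    for sid, seg in meta.get("segments", {}).items():
        enc = seg.get("encryption", "")
        if enc.split("-")[0] in NULL_CIPHERS:
            hits.append(f"segment {sid}: {enc}")
    return hits


def safe_to_open(header: bytes) -> bool:
    """Gate to run before `cryptsetup open`: refuse any header that uses a null cipher."""
    return not null_cipher_uses(parse_luks2_json(header))


def build_header(meta: dict, json_area: int = 16384) -> bytes:
    """Constructed test helper: pack a minimal LUKS2 header around JSON metadata."""
    binhdr = (LUKS2_MAGIC + struct.pack(">HQ", 2, BIN_HDR_SIZE + json_area)).ljust(BIN_HDR_SIZE, b"\x00")
    return binhdr + json.dumps(meta).encode().ljust(json_area, b"\x00")


# constructed samples (not real volumes): identical layout, only the keyslot cipher differs
BENIGN = {"keyslots": {"0": {"type": "luks2", "area": {"type": "raw", "encryption": "aes-xts-plain64"}}},
          "segments": {"0": {"type": "crypt", "encryption": "aes-xts-plain64"}}}
MALICIOUS = json.loads(json.dumps(BENIGN))
MALICIOUS["keyslots"]["0"]["area"]["encryption"] = "cipher_null-ecb"

if __name__ == "__main__":
    for name, meta in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(name, "open allowed" if safe_to_open(build_header(meta)) else null_cipher_uses(meta))
```

The same metadata can be pulled from a real device with `cryptsetup luksDump --dump-json-metadata`, so the check also works on the luksDump output rather than on raw header bytes.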
DailyCVE Form
Platform: Contrast
Version: < v1.12.1
Vulnerability: Crypto Bypass
Severity: Critical
Date: 2024-XX-XX
Prediction: Patch v1.12.1
What Undercode Says:
`cryptsetup open --type luks2 /dev/malicious-device contrast_secure_volume`
`dmsetup table --showkeys contrast_secure_volume`
`hexdump -C /dev/mapper/contrast_secure_volume | head`
`cryptsetup luksDump /dev/malicious-device`
How the exploit works:
Attacker crafts LUKS2 volume.
Uses null cipher keyslot.
Host provides volume to pod.
Initializer opens volume.
Data written is exposed.
Protection from this CVE
Upgrade Contrast to v1.13.0.
Use detached header mode.
Enable integrity protection features.
Impact:
Confidential data disclosure.
No integrity impact.
Sources:
Reported By: github.com