evervault-go, Attestation Bypass, CVE-2025-64186 (Critical)

The vulnerability in the evervault-go SDK stems from a flaw in its Platform Configuration Register (PCR) attestation verification logic. The `verifyPCRs` function performed naive equality checks between an expected set of PCR values and the PCRs present in a Nitrite attestation document. This logic was vulnerable to a bypass where an attacker could supply an incomplete attestation document. Specifically, if an application expected values for PCR0, PCR1, PCR2, and PCR8, but an attestation document only contained a value for PCR8 (or any other single PCR), the comparison would incorrectly pass. This occurred because the function did not validate that all expected PCRs were present and non-empty in the actual document, only that the provided PCRs matched the expected values for their respective indices. Consequently, an enclave with an unknown or compromised state for the missing PCRs could be incorrectly trusted by the client application, violating the integrity guarantees of the attestation process.
Platform: Evervault Go SDK
Version: <1.3.2
Vulnerability: Attestation Bypass
Severity: Critical
Date: 2025-01-23

Prediction: Patched 2025-01-23

What Undercode Says:

```shell
git clone https://github.com/evervault/evervault-go.git
cd evervault-go
git checkout v1.3.1
```

```go
// Reproduction fragment against v1.3.1, run from inside the SDK's attestation
// package (verifyPCRs is unexported). "pc0..." / "pc8..." stand for real
// hex-encoded PCR values; pc8ValueByteSlice is the raw-byte form of PCR8.
pc8ValueByteSlice := []byte{ /* raw bytes of the PCR8 measurement */ }

expectedPCRs := []attestation.PCRs{
	{
		PCR0: "pc0...",
		PCR8: "pc8...",
	},
}
actualDocument := nitrite.Document{}
actualDocument.PCRs = map[uint][]byte{ // PCR0 is absent: only PCR8 is supplied
	8: pc8ValueByteSlice,
}
v := verifyPCRs(expectedPCRs, actualDocument) // Returns true, should be false.
```

How to Exploit:

Craft a malicious attestation document omitting critical PCRs (0,1,2) while providing only a valid PCR8. Submit this document to the vulnerable verification function to achieve an unauthorized successful attestation, bypassing platform integrity checks.

Protection from this CVE

Upgrade the evervault-go SDK to version 1.3.2 or later. The patch introduces a `SatisfiedBy` method that validates that the attestation document contains all expected PCRs, replacing the flawed equality check. As an immediate workaround, modify application logic to explicitly validate the presence and non-empty state of every required PCR, especially PCR0, PCR1, and PCR2, before trusting the attestation result.
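The following added example (not code from the evervault-go SDK) models the flawed comparison described above next to the fail-closed check the workaround calls for. The `PCRs` struct, the `map[uint][]byte` document shape and the abbreviated hex measurements are constructed for the demo; the SDK's real `SatisfiedBy` method is not reproduced.

```go
package main

import (
	"encoding/hex"
	"fmt"
)

// PCRs mirrors the shape of the SDK's expected-PCR struct; "" means that register is not pinned.
type PCRs struct{ PCR0, PCR1, PCR2, PCR8 string }

// pinned returns only the registers the application actually configured.
func pinned(p PCRs) map[uint]string {
	out := map[uint]string{}
	for idx, v := range map[uint]string{0: p.PCR0, 1: p.PCR1, 2: p.PCR2, 8: p.PCR8} {
		if v != "" {
			out[idx] = v
		}
	}
	return out
}

// naiveVerify models the flawed pattern: only registers the document carries (index -> raw
// digest) are compared, so a document that omits PCR0/1/2 is accepted on a matching PCR8 alone.
func naiveVerify(expected PCRs, docPCRs map[uint][]byte) bool {
	want := pinned(expected)
	for idx, raw := range docPCRs {
		if w, ok := want[idx]; ok && w != hex.EncodeToString(raw) {
			return false
		}
	}
	return true
}

// strictVerify fails closed: every pinned register must be present in the document,
// non-empty and equal to the expected measurement.
func strictVerify(expected PCRs, docPCRs map[uint][]byte) bool {
	for idx, w := range pinned(expected) {
		raw, ok := docPCRs[idx]
		if !ok || len(raw) == 0 || hex.EncodeToString(raw) != w {
			return false
		}
	}
	return true
}

func main() {
	// Constructed, abbreviated measurements (real Nitro PCRs are 48-byte SHA-384 digests).
	expected := PCRs{PCR0: "a0a0", PCR8: "a8a8"}
	partial := map[uint][]byte{8: {0xa8, 0xa8}} // PCR0 deliberately absent
	fmt.Println("naive:", naiveVerify(expected, partial), "strict:", strictVerify(expected, partial))
}
```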

Impact:

Clients may trust an enclave operator that does not meet the expected security and integrity guarantees, potentially leading to the processing of sensitive data in an untrusted or compromised environment. The impact is highest for applications that solely rely on PCR8 for attestation.

Sources:

Reported By: github.com