New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default TLS implementations leave consuming systems open to multiple vulnerabilities. #1431
Comments
Please specify what TLS endpoints exactly you are referring to. Generally, tls clients can be configured to (not) accept a given TLS version and ciphers so I don't really see this as a problem here. |
This is to do with webhook servers that are provisioned rather than clients. Here's a listening TLS webhook's testssl.sh report (portions):
And
|
Low impact but would be nice to clean up. If you would be interested in tackling this, the TLS config is here controller-runtime/pkg/webhook/server.go Lines 195 to 198 in 82c68b9
|
My point is: You can just configure your client to not accept certain tls versions and/or ciphers. A tls connection always has two participating parties that both need to accept a given tls version and cipher. |
The only client we care about for the webhooks system is kube-apiserver, which we don't control directly though if it also needs TLS improvements I'm sure k/k would be happy for those too :) |
If the client can control which cipher and TLS version is used then the server is not controlling it resulting in a vulnerable connection. In this case a client can propose a weak or deprecated cipher and version in the TLS handshake and the server will support it and allow it to happen. I have not prepared a POC exploit purely because it's been done quite some time ago to explain the weaknesses in TLS 1.0 and TLS 1.1 and the weak ciphers mentioned. I'm more a security researcher than a coder which is why I'm not providing a fix, just reporting the issue. |
@huornlmj I think you may misunderstand how this code works. Thank you for your report however these are special purpose endpoints and not used for general HTTP for arbitrary clients. If you would like to confirm the vulnerability, you would need to specifically check the client settings on the k/k side. That said, we should fix the easy ones since it's probably as simple as a few options in the Config struct. |
Glad to help @coderanger . I acknowledge I am not up to speed with the project itself, but I'm applying the maxim 'trust no-one' here, as there may well be network adversaries within the domain that the trusted client and trusted server reside in. |
Some environments have automated security scans that trigger on TLS versions or insecure cipher suites. Setting TLS to 1.3 would solve both problems (setting to 1.2 only solves the former as the default 1.2 cipher suites are insecure). Default TLS minimum version of 1.0 remains. Fixes kubernetes-sigs#1431
Fixed by #1548 |
The default implementation for TLS endpoints expose the long deprecated TLS 1.0 and TLS 1.1 versions along with dangerous ciphers that expose systems to version downgrade attacks, SWEET32 (CVE-2016-2183, CVE-2016-6329), BEAST (CVE-2011-3389), LUCKY13 (CVE-2013-0169). There should be a way for consumers to control which versions and ciphers are exposed.
This was confirmed with a default endpoint and tested with version 3.0.4 of testssl.sh.
The text was updated successfully, but these errors were encountered: