Impact
A vulnerability has been identified in SPDM session establishment.
If a device supports both DHE session and PSK session with mutual
authentication, the attacker may be able to establish the session with
KEY_EXCHANGE and PSK_FINISH to bypass the mutual authentication. This
is most likely to happen when the Requester begins a session using
one method (DHE, for example) and then uses the other method's finish
(PSK_FINISH in this example) to establish the session. The session
hashes would be expected to fail in this case, but the condition was
not detected.
Impacted Function:
This issue only impacts the SPDM responder, which supports KEY_EX_CAP=1 and
PSK_CAP=10b at same time with mutual authentication requirement.
The SPDM requester is not impacted.
The SPDM responder is not impacted if KEY_EX_CAP=0 or PSK_CAP=0 or PSK_CAP=01b.
The SPDM responder is not impacted if mutual authentication is not required.
Impacted Branch:
libspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted.
Other Important Notes:
The SPDM specification (DSP0274) does not contain this vulnerability.
Patches
libspdm main: #2006
libspdm 2.3: #2007
Because libspdm 1.0, 2.0, 2.1, and 2.2 have known function detect, they are not maintained.
libspdm 2.3 branch users should upgrade to release 2.3.2.
References
libspdm issue: #2005
Acknowledgement:
This issue was reported on 20 March 2023 by Cas Cremers cremers@cispa.de,
together with Naska, Aurora aurora.naska@cispa.de;
Dax, Alexander alexander.dax@cispa.de.
Impact
A vulnerability has been identified in SPDM session establishment.
If a device supports both DHE session and PSK session with mutual
authentication, the attacker may be able to establish the session with
KEY_EXCHANGE and PSK_FINISH to bypass the mutual authentication. This
is most likely to happen when the Requester begins a session using
one method (DHE, for example) and then uses the other method's finish
(PSK_FINISH in this example) to establish the session. The session
hashes would be expected to fail in this case, but the condition was
not detected.
Impacted Function:
This issue only impacts the SPDM responder, which supports KEY_EX_CAP=1 and
PSK_CAP=10b at same time with mutual authentication requirement.
The SPDM requester is not impacted.
The SPDM responder is not impacted if KEY_EX_CAP=0 or PSK_CAP=0 or PSK_CAP=01b.
The SPDM responder is not impacted if mutual authentication is not required.
Impacted Branch:
libspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted.
Other Important Notes:
The SPDM specification (DSP0274) does not contain this vulnerability.
Patches
libspdm main: #2006
libspdm 2.3: #2007
Because libspdm 1.0, 2.0, 2.1, and 2.2 have known function detect, they are not maintained.
libspdm 2.3 branch users should upgrade to release 2.3.2.
References
libspdm issue: #2005
Acknowledgement:
This issue was reported on 20 March 2023 by Cas Cremers cremers@cispa.de,
together with Naska, Aurora aurora.naska@cispa.de;
Dax, Alexander alexander.dax@cispa.de.