Description
The TLS server configuration in dstack/kms/src/main_service.rs treats client certificate verification as optional rather than mandatory, so a client that presents no certificate still completes the TLS handshake and every endpoint must then rely on application-layer checks for authentication.
Root Cause
The default KMS configuration sets mandatory = false for client TLS certificates:

```toml
# kms.toml:21-23
[tls.client_auth]
mandatory = false
```

This means clients can connect to the KMS without presenting a TLS client certificate. The mTLS authentication boundary, which is supposed to ensure that only attested CVMs can reach the key derivation endpoints, is optional by default.
Attack Path
- KMS is deployed with the default configuration (mandatory = false)
- Attacker connects to KMS endpoints without a client certificate
- Endpoints that rely on mTLS for authentication accept the unauthenticated connection
- Attacker can reach any endpoint that has no additional authentication check of its own
- Combined with two related findings (an unauthenticated temp CA key, and an attestation bypass), this widens the attack surface
Impact
The mTLS authentication boundary is effectively optional. Endpoints that rely solely on the presence of a valid client certificate for authentication are reachable by unauthenticated callers. This weakens a security model in which mTLS is the first line of defense for KMS access control.
Suggested Fix
Change the default to mandatory = true:

```toml
[tls.client_auth]
mandatory = true
```

Ensure all deployment configurations explicitly set this to true. Add a startup warning or error if mandatory is false in production environments.
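To make the difference between the two settings concrete, the following added example (not dstack code; the KMS itself is written in Rust, and Go is used here only because its standard library can stand up a TLS server with no third-party crates) spins up a loopback TLS server under each client-auth policy and connects to it without any client certificate. Go's tls.RequestClientCert and tls.VerifyClientCertIfGiven are the analogues of mandatory = false (the cert is requested, and verified only if one turns up, but its absence is not fatal); tls.RequireAndVerifyClientCert is the analogue of mandatory = true. The self-signed server certificate, the loopback address and the two-byte "ok" reply are all constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// newServerCert makes a self-signed certificate for 127.0.0.1 in memory so the
// demo touches no files. The same cert doubles as the client's trust root.
func newServerCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "kms-demo"}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, roots, nil
}

// handshakeWithoutClientCert starts a one-shot TLS server on loopback with the
// given client-auth policy, connects to it presenting no client certificate,
// and reports whether the server let the connection through to the
// application layer. Only setup failures (key generation, listen) come back
// as err; a connection the server rejects is reported as accepted == false.
func handshakeWithoutClientCert(policy tls.ClientAuthType) (accepted bool, err error) {
	srvCert, roots, err := newServerCert()
	if err != nil {
		return false, err
	}
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{srvCert},
		ClientAuth:   policy, // the setting under discussion
		ClientCAs:    roots,  // what a client cert would have to chain to
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return false, err
	}
	defer ln.Close()

	// Server side: accept one connection and send "ok" only if the handshake,
	// which includes the client-cert policy check, succeeds.
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		if err := c.(*tls.Conn).Handshake(); err != nil {
			return // Go has already sent the TLS alert; closing ends the demo
		}
		c.Write([]byte("ok"))
	}()

	// No Certificates field is set: this is the unauthenticated client.
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: "127.0.0.1"})
	if err != nil {
		return false, nil // a TLS 1.2 server rejects inside the handshake itself
	}
	defer cli.Close()
	// Under TLS 1.3 the client's handshake finishes before the server has judged
	// the (missing) client cert, so a rejection only surfaces on the first read.
	// Reading is therefore the reliable test for both protocol versions.
	cli.SetDeadline(time.Now().Add(5 * time.Second))
	buf := make([]byte, 2)
	if _, err := io.ReadFull(cli, buf); err != nil {
		return false, nil
	}
	return string(buf) == "ok", nil
}

func main() {
	for _, p := range []struct {
		name   string
		policy tls.ClientAuthType
	}{
		{"mandatory = false  (RequestClientCert)", tls.RequestClientCert},
		{"mandatory = false  (VerifyClientCertIfGiven)", tls.VerifyClientCertIfGiven},
		{"mandatory = true   (RequireAndVerifyClientCert)", tls.RequireAndVerifyClientCert},
	} {
		ok, err := handshakeWithoutClientCert(p.policy)
		if err != nil {
			fmt.Println(p.name, "setup error:", err)
			continue
		}
		fmt.Printf("%-50s unauthenticated client reaches the application: %v\n", p.name, ok)
	}
}
```

Run it with `go run .`; the first two policies print true and only RequireAndVerifyClientCert prints false. The TLS 1.3 caveat in the code is the one to remember when probing a deployed KMS with a tool such as openssl s_client: a handshake that appears to succeed does not yet prove the server accepted an unauthenticated peer; send a request and see whether a response comes back before an alert does.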
Note: This issue was created automatically. The vulnerability report was generated by Claude and has not been verified by a human.