Impact
Keylime registrar is prone to a simple denial of service attack in which an adversary opens a connection to the TLS port (by default, port 8891), blocking further, legitimate connections. As long as the connection is open, the registrar is blocked and cannot serve any further clients (agents and tenants), which prevents normal operation. The problem does not affect the verifier.
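An operator-side liveness probe for the condition described above, as an added example that is not part of the advisory or of Keylime's code. The function name and the three state labels are assumptions of this example, as is the premise that a blocked registrar still completes the TCP connection but never answers the TLS handshake.

```python
import socket
import ssl
import sys

REGISTRAR_TLS_PORT = 8891  # default registrar TLS port named in the advisory


def probe_registrar(host, port=REGISTRAR_TLS_PORT, timeout=3.0):
    """Return 'down', 'stalled' or 'responsive' for the registrar TLS port.

    Assumption of this example: a blocked registrar still has the TCP
    connection accepted by the kernel backlog, but never answers the
    TLS ClientHello, so the handshake times out.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "down"  # refused, unreachable or filtered

    # Liveness only: no data is sent after the handshake, so the server
    # certificate is not validated and no client certificate is offered.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.wrap_socket(sock).close()  # handshake inherits the socket timeout
        return "responsive"
    except socket.timeout:
        return "stalled"  # TCP connected, but nobody served the handshake
    except (ssl.SSLError, OSError):
        # A TLS alert (e.g. client certificate required) or a reset still
        # proves the registrar is processing new connections.
        return "responsive"
    finally:
        sock.close()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state = probe_registrar(target)
    print(f"registrar {target}:{REGISTRAR_TLS_PORT} is {state}")
    sys.exit(0 if state == "responsive" else 1)
```

A repeated `stalled` result from a monitoring host, while agents and tenants report registration failures, matches the symptom described in this advisory.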
Patches
Users should upgrade to release 7.4.0
Credit
Reported by: Florian Kohnhäuser/@flozilla
Patched-by: Florian Kohnhäuser/@flozilla