Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-1052
CVE-2024-1052:
NixOS vulnerability analysis and mitigation
Overview
Boundary and Boundary Enterprise ('Boundary') is vulnerable to session hijacking through TLS certificate tampering, identified as CVE-2024-1052. The vulnerability affects versions since 0.8.0 and has been fixed in version 0.15.0. This security issue was discovered during scheduled security testing and publicly disclosed on February 5, 2024. The vulnerability impacts the TLS certificate validation mechanism used in Boundary's session management system (HashiCorp Advisory).
Technical details
The vulnerability stems from how Boundary generates and validates TLS certificates for session authentication. When a session is created, Boundary generates a custom per-session TLS certificate and private key, with the certificate containing a randomly-generated session ID in its DNS Subject Alternative Names (SAN) values. The vulnerability allows for certificate tampering where an attacker can craft a TLS certificate containing a target session ID in the certificate's DNS Subject Alternative Names. The issue has been assigned a CVSS v3.1 base score of 8.0 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H (NVD).
Impact
If successfully exploited, an attacker could hijack an active session and gain access to the underlying service or application. This could lead to unauthorized access to services and applications protected by Boundary. The impact is particularly significant for active sessions where at least one connection has been made through a target session, as well as for non-activated sessions in a 'pending' state (HashiCorp Advisory).
Mitigation and workarounds
The vulnerability has been fixed in Boundary version 0.15.0 by implementing strict certificate validation that requires the client's certificate to be a byte-for-byte match to the certificate created for the session at authorization time. Organizations should upgrade to Boundary 0.15.0 or newer. Additionally, organizations can monitor Boundary logs for potential exploitation attempts, specifically looking for WARNING messages containing 'mismatched tofu token' (HashiCorp Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management