CVE-2019-0205
Vulnerability in libthrift (Maven)

No known exploit

What is CVE-2019-0205 About?

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer are vulnerable to authentication bypass when configured with the AWS IAM auth method. This flaw allows unauthorized access to Vault. Exploitation can be achieved by leveraging specific weaknesses in the IAM authentication process.

Affected Software

org.apache.thrift:libthrift <0.13.0

Technical Details

The vulnerability in HashiCorp Vault and Vault Enterprise, affecting versions 0.7.1 and newer, exists specifically when the AWS IAM authentication method is configured. The core issue is an authentication bypass that allows an attacker to circumvent the intended IAM-based authentication flow. This bypass likely stems from insufficient validation or improper handling of IAM credentials or signatures during the authentication process. An attacker could craft a malformed AWS IAM authentication request that, despite not being legitimate, is erroneously accepted by Vault, granting unauthorized access. The exact mechanism would involve exploiting a weakness in how Vault verifies the authenticity or authorization of the presented AWS IAM identity.

What is the Impact of CVE-2019-0205?

Successful exploitation may allow attackers to bypass authentication, gain unauthorized access to Vault secrets and functionality, and potentially compromise the confidentiality, integrity, and availability of all data managed by Vault.

What is the Exploitability of CVE-2019-0205?

Exploitation of this vulnerability requires the Vault instance to be configured with the AWS IAM authentication method. The complexity of the attack would likely be medium, as it involves understanding and exploiting specific weaknesses in the IAM authentication process. The attack is remote, as it targets the authentication endpoint of Vault. No prior authentication to Vault is required to attempt the bypass, though some knowledge of or access to AWS IAM identities might be necessary to craft the malicious authentication request. The primary risk factor is the deployment of Vault with the vulnerable AWS IAM auth method configuration, as it presents a direct path to unauthorized access.

What are the Known Public Exploits?

PoC Author Link Commentary
No known exploits

What are the Available Fixes for CVE-2019-0205?

Available Upgrade Options

  • org.apache.thrift:libthrift
    • <0.13.0 → Upgrade to 0.13.0

Additional Resources

What are Similar Vulnerabilities to CVE-2019-0205?

Similar Vulnerabilities: CVE-2024-2048, CVE-2020-10660, CVE-2020-13490, CVE-2023-46294, CVE-2021-38290