CVE-2024-45337
Authorization Bypass vulnerability in crypto (Go)
What is CVE-2024-45337 About?
This authorization bypass vulnerability affects applications misusing the `ServerConfig.PublicKeyCallback` in `golang.org/x/crypto`. It allows an attacker to gain unauthorized access or manipulate authorization decisions by exploiting the callback's behavior regarding public key authentication. Exploitation is of medium complexity, relying on specific application logic errors, but can have significant impact.
Affected Software
Technical Details
The vulnerability arises from a misunderstanding or misuse of the ServerConfig.PublicKeyCallback function in SSH server implementations using golang.org/x/crypto. The callback's purpose is to indicate whether a public key is acceptable, not necessarily the one used for authentication. Attackers can send multiple public keys (e.g., A and B) and then authenticate with key A. A vulnerable application that stores and makes authorization decisions based on the last key passed to PublicKeyCallback (e.g., key B), rather than the one used for successful authentication, will incorrectly grant privileges associated with key B, which the attacker does not control. This effectively bypasses authorization checks for a key the attacker has not proven ownership of. The mitigation involves the golang.org/x/crypto@v0.31.0 update ensuring the last key passed to PublicKeyCallback is the one used for successful authentication, but robust applications should use ServerConn.Permissions and its Extensions field for authorization decisions post-authentication.
What is the Impact of CVE-2024-45337?
Successful exploitation may allow attackers to bypass intended authorization controls, gain unauthorized access to resources, or elevate their privileges within the system, leading to data exfiltration, service disruption, or complete system compromise.
What is the Exploitability of CVE-2024-45337?
Exploitation requires remote access to an SSH server implementing the vulnerable ServerConfig.PublicKeyCallback and involves crafting a specific sequence of public key presentations and authentication attempts. No prior authentication is strictly required for the initial communication phase, but the attack relies on the server attempting public key authentication. Privilege requirements are essentially those of a standard SSH client, but the outcome grants elevated or unintended access. The complexity is moderate, requiring an understanding of the SSH authentication flow and how the PublicKeyCallback is misused by the target application. This attack is constrained by the application's flawed authorization logic, where decisions are made based on the order of PublicKeyCallback calls rather than the successfully authenticated key. The likelihood of exploitation increases if developers rely on implicit assumptions about the callback's behavior instead of robustly verifying the authenticated key via ServerConn.Permissions.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| NHAS | Link | Proof of concept (POC) for CVE-2024-45337 |
| NHAS | Link | An example project that showcases golang code vulnerable to CVE-2024-45337 |
| peace-maker | Link | Proof of Concept for CVE-2024-45337 against Gitea and Forgejo |
What are the Available Fixes for CVE-2024-45337?
About the Fix from Resolved Security
The patch changes the public key cache from storing up to 16 entries to only storing the most recent one, ensuring the last key passed to PublicKeyCallback is always the one used for authentication. This fix prevents the cache from serving stale or previously seen keys, which could allow authentication bypass or privilege escalation, resolving the vulnerability in CVE-2024-45337.
Available Upgrade Options
- golang.org/x/crypto
- <0.31.0 → Upgrade to 0.31.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://security.netapp.com/advisory/ntap-20250131-0007
- http://www.openwall.com/lists/oss-security/2024/12/11/2
- https://osv.dev/vulnerability/GHSA-v778-237x-gjrc
- https://go.dev/cl/635315
- https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909
- https://github.com/golang/crypto
- https://security.netapp.com/advisory/ntap-20250131-0007/
- https://go.dev/issue/70779
- https://osv.dev/vulnerability/GO-2024-3321
- https://pkg.go.dev/vuln/GO-2024-3321
What are Similar Vulnerabilities to CVE-2024-45337?
Similar Vulnerabilities: CVE-2023-28435 , CVE-2022-39399 , CVE-2020-25633 , CVE-2019-15555 , CVE-2018-1000650
