Vulnerability: Bypass of Challenge-Response Protocol in Keylime Registrar

Vulnerability: Bypass of Challenge-Response Protocol in Keylime Registrar

CVE-2023-38201 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.

Learn more about our User Device Pen Test.