OpenSSL 3.2 RPK: Server auth failures bypassed, enabling MITM
CVE-2024-12797 Published on February 11, 2025
RFC7250 handshakes with unauthenticated servers don't abort as expected
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
server may fail to notice that the server was not authenticated, because
handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode
is set.
Impact summary: TLS and DTLS connections using raw public keys may be
vulnerable to man-in-middle attacks when server authentication failure is not
detected by clients.
RPKs are disabled by default in both TLS clients and TLS servers. The issue
only arises when TLS clients explicitly enable RPK use by the server, and the
server, likewise, enables sending of an RPK instead of an X.509 certificate
chain. The affected clients are those that then rely on the handshake to
fail when the server's RPK fails to match one of the expected public keys,
by setting the verification mode to SSL_VERIFY_PEER.
Clients that enable server-side raw public keys can still find out that raw
public key verification failed by calling SSL_get_verify_result(), and those
that do, and take appropriate action, are not affected. This issue was
introduced in the initial implementation of RPK support in OpenSSL 3.2.
The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Vulnerability Analysis
CVE-2024-12797 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
Missing Report of Error Condition
The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.
Products Associated with CVE-2024-12797
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-12797 are published in these products:
Affected Versions
OpenSSL:- Version 3.4.0 and below 3.4.1 is affected.
- Version 3.3.0 and below 3.3.3 is affected.
- Version 3.2.0 and below 3.2.4 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2024-12797
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| pip | cryptography | >= 42.0.0, < 44.0.1 | 44.0.1 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.