Wazuh Manager SSL/TLS Renegotiation Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the authd service of Wazuh Manager, affecting the wazuh-manager package through version 4.7.3. The service does not adequately restrict client-initiated SSL/TLS renegotiation, so a remote attacker can issue an excessive number of renegotiation requests over an established connection. Because each renegotiation is computationally expensive on the server side, exploitation drives up CPU usage until the authd service becomes unavailable.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the authd service to consume excessive CPU resources and become unavailable.

Reproduction

The vulnerability can be reproduced by sending a high volume of client-initiated SSL/TLS renegotiation requests to the Wazuh Manager authd service over port 1515/tcp. This can be done using a tool like OpenSSL s_client, which allows for the manual initiation of renegotiation requests. The server's response can be observed to confirm the successful exploitation of the vulnerability.

Remediation

Users can upgrade to Wazuh Manager version 4.8.0 or later to address this vulnerability.
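To turn the version bounds in this advisory into a fleet check, here is a small triage script (added here as an illustration; it is not Wazuh's code). It assumes the installed version can be read from package-manager output such as "wazuh-manager-4.7.3-1.x86_64", and it reports releases between 4.7.3 and 4.8.0 as not covered by this advisory rather than guessing.

```python
import re

# Version bounds stated in the advisory above.
AFFECTED_THROUGH = (4, 7, 3)  # "through 4.7.3"
FIXED_IN = (4, 8, 0)          # "4.8.0 or later"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the major.minor.patch triple from a package version string.

    Accepts the bare form ("4.7.3") and package-manager output with a name
    prefix or release suffix, e.g. "wazuh-manager-4.7.3-1.x86_64" (assumed
    format, not taken from the advisory). Returns None if no x.y.z is found.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())

def classify(version_text):
    """Classify an installed wazuh-manager version against the advisory.

    "affected"   - version <= 4.7.3, upgrade required
    "remediated" - version >= 4.8.0
    "unknown"    - unparseable, or between the two bounds: the advisory
                   does not cover such releases, so check the vendor notes
    """
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    if version <= AFFECTED_THROUGH:
        return "affected"
    if version >= FIXED_IN:
        return "remediated"
    return "unknown"

def triage(inventory):
    """Group a {hostname: version_string} inventory by advisory status."""
    groups = {"affected": [], "remediated": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        groups[classify(version_text)].append(host)
    return groups

if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = {"mgr-a": "4.7.3-1", "mgr-b": "4.8.0", "mgr-c": "4.7.5", "mgr-d": "n/a"}
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```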

Added: Mar 27, 2026, 5:40 PM
Updated: Mar 27, 2026, 5:40 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  8.3
  remediation     0.0
  relevance       4.8
  threat          6.4
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.