Wget2 Improper Certificate Validation Vulnerability Allowing TLS Server Authentication Misuse

Vulnerability

A vulnerability exists in Wget2 due to improper validation of server certificates, specifically of their Key Usage (KU) and Extended Key Usage (EKU) attributes. Because Wget2 does not check that these attributes permit TLS server authentication, an attacker who holds a compromised certificate and its private key that were issued for a different purpose can reuse that certificate to authenticate a TLS server to Wget2. The vulnerability affects Wget2 versions prior to 2.2.2.

Impact

Exploitation of this vulnerability could lead to unauthorized TLS server authentication: Wget2 accepts a compromised certificate as valid proof of a server's identity even though the certificate was never issued for that purpose.

Reproduction

The vulnerability can be reproduced by generating a private key and an X.509 certificate with incorrect Key Usage or Extended Key Usage attributes. After creating a valid certificate, an invalid one can be generated by altering its Key Usage or Extended Key Usage fields so that they do not permit server authentication. A TLS server is then configured to use the invalid certificate and Wget2 is used to connect to it. Because Wget2 does not check these attributes, the connection succeeds instead of being rejected, demonstrating the vulnerability.
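The certificate-purpose check that a TLS client should perform, as an added example that is not part of this advisory or of Wget2's own code: a POSIX shell script built on the openssl CLI that rejects a certificate whose Key Usage or Extended Key Usage does not permit TLS server authentication. The example.test name and the throwaway self-signed certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Wget2 code): the client-side check the advisory says Wget2 < 2.2.2
# lacked. A certificate may authenticate a TLS server only if its Extended Key Usage
# (when present) allows serverAuth and its Key Usage (when present) allows signing or
# key encipherment/agreement (RFC 5280). Requires the openssl CLI (1.1.1 or later).

# Print the value line of extension $2 from PEM certificate $1, or nothing if absent.
ext_values() {
  openssl x509 -in "$1" -noout -text | grep -A1 "$2" | tail -n 1
}

# Return 0 if the certificate may authenticate a TLS server, 1 otherwise.
check_server_cert() {
  cert="$1"
  openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 1   # unreadable certificate
  eku=$(ext_values "$cert" "X509v3 Extended Key Usage")
  if [ -n "$eku" ]; then
    case "$eku" in
      *"TLS Web Server Authentication"*|*"Any Extended Key Usage"*) ;;
      *) return 1 ;;   # EKU present but issued for another purpose (e.g. clientAuth only)
    esac
  fi
  ku=$(ext_values "$cert" "X509v3 Key Usage")
  if [ -n "$ku" ]; then
    case "$ku" in
      *"Digital Signature"*|*"Key Encipherment"*|*"Key Agreement"*) ;;
      *) return 1 ;;   # KU present but forbids every TLS server key operation
    esac
  fi
  return 0
}

# Constructed throwaway self-signed certificate for CN=example.test.
# $1 = output basename, $2 = extendedKeyUsage value (e.g. serverAuth, clientAuth)
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -addext "keyUsage=digitalSignature,keyEncipherment" -addext "extendedKeyUsage=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Demo: a certificate issued for server use next to one issued for client use only.
work=$(mktemp -d)
make_cert "$work/good" serverAuth
make_cert "$work/bad" clientAuth
for name in good bad; do
  if check_server_cert "$work/$name.pem"; then
    echo "$name.pem: acceptable for TLS server authentication"
  else
    echo "$name.pem: rejected (KU/EKU does not permit server authentication)"
  fi
done
```

The bad.pem case is the certificate class the advisory describes: valid chain and key, but an EKU that was never meant for server authentication.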

Remediation

Users are advised to upgrade to Wget2 version 2.2.2 or later.

Added: Apr 29, 2026, 9:22 PM
Updated: Apr 29, 2026, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.2
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.