Phala Network dcap-qvl Library QE Identity Verification Vulnerability Bypasses Remote Attestation Security

A critical vulnerability has been identified in the Phala Network dcap-qvl library, specifically in versions prior to 0.3.9. The issue arises from a significant flaw in the cryptographic verification process of Quoting Enclave (QE) Identity collateral, which is fetched from the Platform Certificate Chain Service (PCCS). The library fails to verify the QE Identity signature against its certificate chain and does not apply necessary policy constraints on the QE Report. This oversight allows attackers to forge QE Identity data, potentially whitelisting malicious or non-Intel Quoting Enclaves. Consequently, attackers can create counterfeit QE signatures and sign untrusted quotes that are accepted as valid by the verifier, effectively undermining the entire remote attestation security model. All deployments using the dcap-qvl library for Software Guard Extensions (SGX) or Trusted Execution Environment (TDX) quote verification are affected.

Impact

Exploitation of this vulnerability allows attackers to bypass the remote attestation security model, enabling them to forge QE signatures and create untrusted quotes that are accepted as valid by the verifier.

Remediation

Users must upgrade to dcap-qvl version 0.3.9 or later to ensure proper verification of QE Identity collateral. Those using the '@phala/dcap-qvl-node' and '@phala/dcap-qvl-web' packages should switch to the pure JavaScript implementation, '@phala/dcap-qvl'.