Caddy
- v2.10.2
A vulnerability in Caddy's mTLS client certificate authentication allows unintended acceptance of client certificates. The issue arises when the configured CA certificate file is missing, unreadable, or malformed, causing authentication to fail open: the server starts without errors but accepts any client certificate signed by a system-trusted CA, bypassing the intended private CA trust boundary. This vulnerability affects Caddy versions prior to 2.11.1.
Exploitation of this vulnerability allows any system-trusted client certificate to be accepted, regardless of the intended CA, potentially leading to unauthorized access or actions.
To reproduce this vulnerability, configure Caddy with mTLS client authentication pointing to a nonexistent CA file. Start the server, which will run without errors. Then, connect to the server using any client certificate, even if self-signed. The TLS handshake will succeed, demonstrating that the server accepted a certificate not signed by the intended CA.
Upgrade to Caddy version 2.11.1, which addresses this vulnerability by ensuring that errors in CA certificate provisioning are properly reported, allowing for correct mTLS configuration.