rfc3161-client Authorization Bypass Vulnerability Allowing Impersonation of Trusted Time-Stamping Authorities
Vulnerability
An authorization bypass vulnerability has been identified in the rfc3161-client library, which implements the Time-Stamp Protocol (TSP) as described in RFC 3161. This vulnerability, present in versions through 1.0.5, allows attackers to impersonate a trusted Time-Stamping Authority (TSA) by exploiting a logic flaw in the library's signature verification process. The issue arises from the library's method of extracting the leaf certificate from an unordered PKCS#7 bag of certificates. Attackers can append a spoofed certificate that matches the target common name and Extended Key Usage (EKU) requirements, tricking the library into verifying these authorization rules against the forged certificate while using the cryptographic signature from an actual trusted TSA, such as FreeTSA. This bypasses the intended TSA authorization pinning entirely.
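The flaw class described above, as an added example on a simplified model; it is not rfc3161-client's code and not the fix shipped in 1.0.6. The `Cert` and `Token` types, the `guess_leaf` heuristic and all names and sample data are hypothetical and constructed for illustration, and signature and chain validation are assumed to succeed for the certificate named by the token's signer identifier.

```python
from dataclasses import dataclass

TIMESTAMPING = "1.3.6.1.5.5.7.3.8"  # id-kp-timeStamping EKU OID

@dataclass(frozen=True)
class Cert:  # constructed stand-in for a parsed X.509 certificate
    subject: str
    issuer: str
    serial: int
    eku: tuple = ()

@dataclass(frozen=True)
class Token:  # constructed stand-in for a parsed timestamp token
    sid: tuple  # SignerInfo signer identifier: (issuer, serial)
    bag: tuple  # unordered certificates carried in the SignedData

def authorized(cert, pinned_cn):
    """Caller's TSA pinning rules: expected common name plus timestamping EKU."""
    return cert.subject == pinned_cn and TIMESTAMPING in cert.eku

def signer_cert(token):
    """Return the one bag certificate named by SignerInfo.sid, else None."""
    hits = [c for c in token.bag if (c.issuer, c.serial) == token.sid]
    return hits[0] if len(hits) == 1 else None

def guess_leaf(bag):
    """Hypothetical heuristic: last certificate that issued nothing else in the bag."""
    issuers = {c.issuer for c in bag if c.issuer != c.subject}
    return [c for c in bag if c.subject not in issuers][-1]

def verify_flawed(token, pinned_cn):
    # The signature is assumed to validate against signer_cert(token), but the
    # pinning rules are applied to a separately guessed "leaf".
    return signer_cert(token) is not None and authorized(guess_leaf(token.bag), pinned_cn)

def verify_hardened(token, pinned_cn):
    # Pinning rules are applied to the same certificate the signature is
    # checked against; a missing or ambiguous signer is rejected.
    cert = signer_cert(token)
    return cert is not None and authorized(cert, pinned_cn)

# Constructed sample data: a token signed by "Other TSA", with and without
# an extra certificate in the bag that merely carries the pinned name and EKU.
ROOT = Cert("Other Root", "Other Root", 1)
OTHER_TSA = Cert("Other TSA", "Other Root", 7, (TIMESTAMPING,))
LOOKALIKE = Cert("Pinned TSA", "Pinned TSA", 99, (TIMESTAMPING,))
GENUINE = Token(sid=("Other Root", 7), bag=(OTHER_TSA, ROOT))
TAMPERED = Token(sid=("Other Root", 7), bag=(OTHER_TSA, ROOT, LOOKALIKE))
```

With a caller pinned to "Pinned TSA", `verify_flawed(TAMPERED, ...)` accepts the token and `verify_hardened(TAMPERED, ...)` rejects it, because only the hardened path ties the name and EKU checks to the certificate that actually vouches for the signature.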
Impact
Exploitation of this vulnerability allows for authorization bypass in certificate validation, enabling attackers to impersonate a TSA. This could lead to applications incorrectly trusting forged timestamps as being from a legitimate source.
Reproduction
The vulnerability can be reproduced by generating a spoofed certificate that meets the verification criteria of the rfc3161-client library. This involves acquiring a legitimate timestamp response from a trusted TSA, creating a self-signed certificate that matches the required common name and EKU, and injecting this spoofed certificate into the PKCS#7 bag of certificates in a way that bypasses the library's validation checks. Once the forged certificate is accepted, the vulnerability is successfully exploited.
Remediation
Users are advised to update rfc3161-client to version 1.0.6 or later, where this vulnerability has been fixed.
