Botan TLS 1.3 Client Authentication Bypass Vulnerability
Vulnerability
A vulnerability in the Botan C++ cryptography library's TLS 1.3 implementation prior to version 3.11.1 allows for a client authentication bypass. This occurs because the library processed ApplicationData records before receiving the client's Finished message. As a result, a client could omit the Certificate, CertificateVerify, and Finished messages, and instead send application data, bypassing the server's client authentication checks. This issue is particularly problematic for servers enforcing client certificate authentication.
Impact
Exploiting this vulnerability allows a client to bypass the server's client authentication requirements, potentially leading to unauthorized access or actions on the server.
Remediation
Users can upgrade to Botan version 3.11.1 or later to address this vulnerability. Alternatively, TLS 1.3 can be disabled in favor of TLS 1.2, which properly enforces the message order. If peer certificate authentication is required, applications can check the peer certificate chain or override the TLS inspection callbacks to ensure that the Finished message is received.
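The ordering requirement behind this issue, as an added stand-alone model: it is not Botan code and does not use Botan's API. `ClientFlightGate`, `Record` and `flight_accepted` are hypothetical names, and the record sequences passed to them are constructed. With `enforce_order` set to false the model hands over application data in any state, which is the behaviour described above; with it set to true, data is refused until Certificate, CertificateVerify and Finished have arrived in order.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical model types for illustration; this is not Botan's API.
enum class Msg { Certificate, CertificateVerify, Finished, ApplicationData };
struct Record { Msg type; std::size_t cert_count; };  // cert_count: Certificate only

// Models a TLS 1.3 server that has sent its own Finished and is waiting
// for the client's last handshake flight.
class ClientFlightGate {
public:
    ClientFlightGate(bool require_client_cert, bool enforce_order)
        : m_require(require_client_cert), m_enforce(enforce_order),
          m_state(require_client_cert ? State::WantCert : State::WantFinished) {}

    // Returns false when the record must cause the connection to be aborted.
    bool accept(const Record& r) {
        switch (r.type) {
        case Msg::Certificate:  // an empty chain is refused when a cert is required
            if (m_state != State::WantCert || r.cert_count == 0) return false;
            m_state = State::WantVerify; return true;
        case Msg::CertificateVerify:
            if (m_state != State::WantVerify) return false;
            m_state = State::WantFinished; return true;
        case Msg::Finished:
            if (m_state != State::WantFinished) return false;
            m_state = State::Established; return true;
        case Msg::ApplicationData:
            // enforce_order == false models the flaw: data reaches the
            // application regardless of the handshake state.
            return !m_enforce || m_state == State::Established;
        }
        return false;
    }
    // True only after a required client certificate flight has completed.
    bool client_authenticated() const { return m_require && m_state == State::Established; }

private:
    enum class State { WantCert, WantVerify, WantFinished, Established };
    bool m_require, m_enforce;
    State m_state;
};

// Feeds a constructed record sequence through a gate; true if all are accepted.
bool flight_accepted(ClientFlightGate gate, const std::vector<Record>& records) {
    for (const auto& r : records)
        if (!gate.accept(r)) return false;
    return true;
}
```

An application-level check of the kind the remediation mentions has the same shape: refuse to act on received data unless the handshake has completed and a peer certificate chain is present.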
