Cesanta Mongoose Authorization Bypass Vulnerability in P-384 Public Key Handler

A vulnerability allowing authorization bypass has been identified in Cesanta Mongoose versions through 7.20. The issue arises in the P-384 Public Key Handler, specifically within the `mg_tls_verify_cert_signature` function in `mongoose.c`. This vulnerability allows any client certificate signed by a Certificate Authority (CA) with a P-384 public key to be accepted by a mutual TLS (mTLS) server, bypassing authentication requirements. The vulnerability can be exploited remotely, without any authentication, by manipulating the certificate verification process.

Impact

Exploitation of this vulnerability leads to an mTLS authentication bypass, allowing unauthorized clients to be accepted by the server.

Reproduction

The vulnerability can be reproduced by generating a P-256 client certificate signed by a fake CA with a P-384 public key. This certificate can then be presented to an mTLS server that is configured to require P-384 certificates. The server will incorrectly accept the certificate, bypassing authentication.

Remediation

Users are advised to upgrade to Cesanta Mongoose version 7.21, which addresses this vulnerability.