Executive Summary

This vulnerability affects the Keylime verifier component, which is responsible for TPM quote attestation. Instead of using a cryptographically random challenge nonce, the verifier uses a hardcoded nonce. An attacker with root access on a monitored machine running the Keylime agent can exploit this by collecting valid TPM quotes generated with the known nonce during a short timeout window.

The attacker can then compromise the system and replay these previously collected TPM quotes to evade detection by the verifier. This issue only affects the push model deployment of Keylime, not the pull model.

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability allows an attacker with root access on a monitored machine to evade detection after compromising the system. By replaying previously collected TPM quotes, the attacker can make the system appear trustworthy to the Keylime verifier even though it has been compromised.

This can lead to prolonged undetected system compromise, potentially allowing further malicious activities or data breaches.

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves monitoring the behavior of the Keylime agent and verifier on enrolled monitored machines, specifically those using the push model deployment.

Since the vulnerability involves the use of a hardcoded challenge nonce for TPM quote attestation, one detection approach is to check if the Keylime verifier is using a fixed nonce rather than a cryptographically random value.

Commands to inspect the Keylime agent and verifier configuration or logs might include:

• Checking the Keylime agent process and its status: `ps aux | grep keylime`
• Reviewing Keylime verifier logs for repeated TPM quotes with identical nonces or suspicious replay activity: `journalctl -u keylime-verifier` or checking log files in `/var/log/keylime/`
• Verifying the nonce value used in TPM quote attestation by inspecting the verifier source code or configuration files to confirm if a hardcoded nonce is present.

Because exploitation requires root access and involves stopping and restarting the Keylime agent within a short timeout window, monitoring for unexpected agent restarts or suspicious timing patterns may also help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps focus on preventing exploitation by addressing the use of the hardcoded challenge nonce in the Keylime verifier.

• Upgrade or patch the Keylime verifier to a version that generates cryptographically random nonces for TPM quote attestation instead of using a hardcoded value.
• If an upgrade is not immediately possible, consider disabling the push model deployment and switching to the pull model deployment, which is not affected by this vulnerability.
• Restrict root access on enrolled monitored machines to trusted administrators only, as exploitation requires root privileges.
• Monitor and audit Keylime agent activity to detect suspicious restarts or unusual TPM quote patterns that may indicate exploitation attempts.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in Keylime verifier allows an attacker with root access to replay TPM quotes to evade detection after compromising a system. This evasion of detection could potentially undermine the integrity and security controls expected by compliance standards such as GDPR and HIPAA, which require protection of system integrity and timely detection of unauthorized access or compromise.

However, the provided information does not explicitly state the direct impact on compliance with these standards or regulations.

Useful 0 Not Useful 0