CVE-2026-11999
Status: Undergoing Analysis - In Progress
X.509 Trust-Chain Bypass in wolfSSL

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: wolfSSL Inc.

Description
X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_cert() returned success based only on the last verified link rather than on reaching a trust anchor: when the supplied chain is deeper than the verifier's maximum path depth (default 100), path building runs out of depth while still walking untrusted intermediates and the chain is accepted even though it never reaches a configured trust anchor, allowing acceptance of an attacker-controlled certificate. The default TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only applications doing manual or deferred verification through this API are.
Meta Information
Generated: 2026-06-26
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
References: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor    Product    Version / Range
wolfssl   wolfssl    *
CWE
CWE-295: The product does not validate, or incorrectly validates, a certificate.
AI Quick Actions: instant insights powered by AI
Executive Summary

This vulnerability is an X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier function wolfSSL_X509_verify_cert(). It occurs when an application is built with the --enable-opensslextra option and calls X509_verify_cert() with untrusted intermediate certificates supplied by the caller.

The issue arises because the verifier returns success based only on the last verified link in the certificate chain rather than confirming that the chain reaches a trusted root (trust anchor). When the supplied certificate chain is deeper than the verifier's maximum path depth (default is 100), the path-building process runs out of depth while still processing untrusted intermediates, causing the chain to be accepted even though it never reaches a trusted anchor.
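The flawed acceptance rule and its correction, as an added illustration that is neither wolfSSL code nor part of this advisory: a constructed model of path building in which "the signature verifies" is reduced to an issuer-name match, with a depth limit of 3 standing in for the library's default of 100. The names build_path, verify_deep_untrusted_chain and verify_valid_chain, and the certificate data, are assumptions of this example.

```c
#include <stdbool.h>
#include <string.h>
/* Minimal model of X.509 path building, constructed for illustration; not
 * wolfSSL code. A cert is reduced to subject/issuer names and "the signature
 * verifies" is modelled as an issuer-name match against a candidate set. */
typedef struct { const char *subject; const char *issuer; } cert_t;
enum { VERIFY_OK = 0, VERIFY_ERR_NO_ISSUER = 1, VERIFY_ERR_CHAIN_TOO_LONG = 2 };

static const cert_t *find_issuer(const cert_t *c, const cert_t *set, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(set[i].subject, c->issuer) == 0) return &set[i];
    return NULL;
}

/* Climb from the leaf towards a trust anchor, at most max_depth links.
 * require_anchor == false reproduces the flawed rule the advisory describes
 * (depth exhausted with every link so far verified => success);
 * require_anchor == true demands that a configured trust anchor be reached. */
int build_path(const cert_t *leaf, const cert_t *untrusted, size_t n_untrusted,
               const cert_t *trusted, size_t n_trusted,
               int max_depth, bool require_anchor)
{
    const cert_t *cur = leaf;
    for (int depth = 0; depth <= max_depth; depth++) {
        if (find_issuer(cur, trusted, n_trusted))
            return VERIFY_OK;                /* reached a trust anchor */
        const cert_t *next = find_issuer(cur, untrusted, n_untrusted);
        if (!next)
            return VERIFY_ERR_NO_ISSUER;     /* chain dangles: reject */
        cur = next;                          /* link verified, climb on */
    }
    /* Depth exhausted while still among caller-supplied intermediates. */
    return require_anchor ? VERIFY_ERR_CHAIN_TOO_LONG : VERIFY_OK;
}

/* Constructed data: one configured root, a six-link untrusted chain that never
 * reaches it, and a two-link chain that does; depth limit 3 instead of 100. */
static const cert_t ROOT[] = { { "Root", "Root" } };
static const cert_t DEEP_LEAF = { "leaf", "I0" };
static const cert_t DEEP_CHAIN[] = { { "I0", "I1" }, { "I1", "I2" }, { "I2", "I3" },
                                     { "I3", "I4" }, { "I4", "I5" }, { "I5", "Unknown" } };
static const cert_t GOOD_LEAF = { "leaf", "Inter" };
static const cert_t GOOD_CHAIN[] = { { "Inter", "Root" } };

int verify_deep_untrusted_chain(bool require_anchor) {
    return build_path(&DEEP_LEAF, DEEP_CHAIN, 6, ROOT, 1, 3, require_anchor);
}
int verify_valid_chain(bool require_anchor) {
    return build_path(&GOOD_LEAF, GOOD_CHAIN, 1, ROOT, 1, 3, require_anchor);
}
```

With require_anchor false the dangling six-link chain is accepted as soon as the depth limit is hit; with it true the same chain is rejected while the two-link chain to Root still verifies.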

This allows an attacker to present a malicious certificate that is accepted as valid. Note that native wolfSSL TLS/DTLS usage and the default TLS handshake verification (WOLFSSL_VERIFY_PEER) are not affected; only applications performing manual or deferred verification through this API are vulnerable.

Impact Analysis

This vulnerability can allow an attacker to bypass certificate trust verification, potentially enabling them to impersonate trusted entities by presenting attacker-controlled certificates that are incorrectly accepted as valid.

As a result, secure communications relying on certificate validation could be compromised, leading to risks such as man-in-the-middle attacks, data interception, or unauthorized access.

However, this impact only applies if your application uses wolfSSL with the --enable-opensslextra build option and performs manual or deferred certificate verification using X509_verify_cert() with untrusted intermediates. If you use native wolfSSL TLS/DTLS or the default TLS handshake verification, you are not affected.

Mitigation Strategies

To mitigate this vulnerability, ensure that your application does not call X509_verify_cert() with caller-supplied untrusted intermediates when using builds with --enable-opensslextra.

If your application uses the default TLS handshake (WOLFSSL_VERIFY_PEER), it is not affected.

Consider avoiding manual or deferred verification through this API, or update your wolfSSL build to a version that addresses this issue (the Detection Guidance below names 5.9.2 or later).

Compliance Impact

This vulnerability allows acceptance of attacker-controlled certificates due to a trust-chain bypass in the OpenSSL compatibility certificate verifier. Such a flaw can undermine the integrity and authenticity of TLS connections, potentially leading to unauthorized access or data interception.

Because standards like GDPR and HIPAA require strong protections for data confidentiality and integrity, this vulnerability could negatively impact compliance by exposing sensitive data to attackers if exploited.

However, the vulnerability affects only specific wolfSSL builds with --enable-opensslextra and applications that manually verify certificates using X509_verify_cert() with untrusted intermediates. Native wolfSSL TLS/DTLS usage and default TLS handshakes are not impacted.

Therefore, organizations using affected configurations must address this vulnerability promptly to maintain compliance with security requirements in common standards and regulations.

Detection Guidance

This vulnerability involves a trust-chain bypass in the wolfSSL OpenSSL compatibility certificate verifier when verifying certificate chains with untrusted intermediates exceeding the maximum path depth. Detection involves identifying if your application uses wolfSSL with the --enable-opensslextra build option and calls X509_verify_cert() with caller-supplied untrusted intermediates.

To detect exploitation attempts or vulnerable usage on your system, monitor and review the certificate verification paths that use wolfSSL's OpenSSL compatibility layer, especially those that verify certificate chains manually rather than through the TLS handshake.

Since this is a library-level vulnerability, direct network detection commands are not straightforward. However, you can check the wolfSSL version and build options to confirm if your system is vulnerable.

  • Check the installed wolfSSL version: `wolfssl-version`, or check the version in your application logs or binaries.
  • Verify whether wolfSSL was built with --enable-opensslextra by inspecting the build configuration or documentation.
  • Review application code or logs to see whether X509_verify_cert() is called with caller-supplied untrusted intermediates.
  • Update wolfSSL to version 5.9.2 or later, which includes fixes for this vulnerability.