A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
The severity of this vulnerability is classified as critical, with a CVSS score of 9.4. This means it poses a significant risk to organizations, as it can be exploited over the network with low complexity and no required privileges.
Risk to organizations includes unauthorized administrative access, potential data exposure, and system integrity issues due to the lack of enforced authentication. Attackers may leverage this vulnerability to gain control over Keylime-managed systems, making prompt action essential.
Organizations should prioritize patching immediately to address this vulnerability and secure their systems against potential exploitation.
Vulnerability Details
The vulnerability allows unauthenticated clients to perform actions that should be restricted. The CVSS score of 9.4 indicates a critical severity level, which means immediate attention is required. The vulnerability was published on February 6, 2026, and the affected systems include Keylime and various Red Hat Enterprise Linux distributions.
Technical Analysis
The root cause of this vulnerability lies in the failure to enforce client-side TLS authentication. This oversight allows attackers on the network to connect to the Keylime registrar without a valid certificate. The attack vector is network-based, and the complexity is low, requiring no user interaction or privileges.
Risk & Impact Analysis
Real-world deployment risk includes unauthorized access to sensitive operations that can lead to data breaches and system integrity issues. The urgency for organizations to address this vulnerability is high due to its critical nature and the potential blast radius of exploitation.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
All versions of Keylime prior to 7.12.0 are affected. Additionally, Red Hat Enterprise Linux 9.0, 10.0, and their respective EUS versions for various architectures are also vulnerable.
Mitigation & Remediation
Organizations should upgrade to Keylime version 7.12.0 or later to mitigate this vulnerability. If an immediate upgrade is not possible, harden the configuration so that client-side TLS authentication is enforced, and limit network access to the Keylime registrar.
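The hardening step above comes down to the server's client-authentication policy. The Go program below is an added example, not Keylime's code: it starts a loopback TLS server with constructed self-signed certificates and shows that a policy of NoClientCert (the unenforced state the advisory describes) lets an unauthenticated client through, while RequireAndVerifyClientCert rejects clients that present no certificate or one from an unknown CA. The names "registrar" and "agent" and the loopback listener are assumptions of the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // setup helper: any error here is an environment problem, not a policy result
	if err != nil {
		panic(err)
	}
	return v
}
// SelfSigned returns an in-memory self-signed certificate valid for server and client auth (constructed test material).
func SelfSigned(name string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		IsCA: true, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}
// ServerAccepts runs a loopback TLS server with the given client-auth policy and trusted client CAs, and reports
// whether a client presenting clientCerts (none = unauthenticated) gets past the handshake and receives a reply.
func ServerAccepts(policy tls.ClientAuthType, clientCAs *x509.CertPool, clientCerts ...tls.Certificate) bool {
	server := SelfSigned("registrar")
	roots := x509.NewCertPool()
	roots.AddCert(server.Leaf)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{server}, ClientAuth: policy, ClientCAs: clientCAs}
	cliCfg := &tls.Config{RootCAs: roots, ServerName: "registrar", Certificates: clientCerts}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", srvCfg))
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			conn.Write([]byte("ok")) // the first Write runs the handshake, which fails if the client is rejected
			conn.Close()
		}
	}()
	conn := must(tls.Dial("tcp", ln.Addr().String(), cliCfg))
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	n, _ := conn.Read(make([]byte, 2)) // the 2-byte "ok" arrives only after a successful handshake; a rejection yields none
	return n == 2
}
```

Calling ServerAccepts(tls.NoClientCert, nil) returns true for a client with no certificate, which is exactly the condition the advisory describes; with tls.RequireAndVerifyClientCert and a pool of trusted client CAs, only a client holding a certificate from that pool gets a reply.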
Detection Guidance
Monitor logs for unauthorized access attempts to the Keylime registrar, and track any unusual administrative actions that could indicate exploitation of this vulnerability.
AppSecure Threat Intelligence Insight
This vulnerability highlights the critical need for robust security practices around TLS configurations. Security teams should regularly review authentication mechanisms and ensure that all services enforce strict client-side authentication.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.