Foreman-Proxy Pentest Findings

Hello Foreman Team,

Our customer has some problems with an older Foreman version (1.22). I am listing 3 problems here; maybe you can help us:

Problem:

  1. Foreman proxy: Suppression of the Foreman proxy version in error pages and HTTP headers
  2. Foreman proxy: Deactivation of Secure Client-Initiated Renegotiation
  3. Foreman proxy: deactivation of cipher suites without forward secrecy

Expected outcome:

  1. It is recommended to prevent disclosure of the server version in the HTTP server header with the appropriate server settings.
  2. Able to deactivate “Secure Client-Initiated Renegotiation”
  3. In the installed Foreman version 1.22, ciphers that meet this requirement should be used automatically

Foreman and Proxy versions: 1.22

Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data:

3. Testing vulnerabilities
...
Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
...


Testing all 118 locally available ciphers against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)  KeyExch.  Encryption  Bits
-----------------------------------------------------------------
x9d      AES256-GCM-SHA384            RSA       AESGCM      256
x3d      AES256-SHA256                RSA       AES         256
x35      AES256-SHA                   RSA       AES         256
x9c      AES128-GCM-SHA256            RSA       AESGCM      128
x3c      AES128-SHA256                RSA       AES         128
x2f      AES128-SHA                   RSA       AES         128

#####################################################

Thanks and have a great day!

I took the liberty of reformatting your post to make it more readable.

This is an unsupported version. Please update to at least version 2.1.

This is not supported right now and hardcoded here:

Patches welcome.

This is an interesting one. In 2.1 we updated the Smart Proxy to Ruby 2.5 (at least on CentOS) and dropped TLS < 1.2. That may affect it (in a positive way). Please also share the OS you are on.

At least on my CentOS 8 + Foreman Proxy 2.1:

# openssl s_client -CAfile /etc/puppetlabs/puppet/ssl/certs/ca.pem -connect $HOSTNAME:8443
...
---
No client certificate CA names sent
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3743 bytes and written 433 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
...

1.24 includes this commit:

2 Likes
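The cipher-suite and renegotiation points raised in this thread, as an added example that is not smart-proxy's own code: it builds a Ruby OpenSSL::SSL::SSLContext that offers only forward-secrecy suites on TLS 1.2+, refuses renegotiation where the linked OpenSSL exposes OP_NO_RENEGOTIATION, and reports which suites a context would still offer with static RSA key exchange. The cipher strings, the `legacy_context` list (constructed from the testssl.sh table above) and the helper names are assumptions.

```ruby
require 'openssl'

# Classify a suite by the key exchange its OpenSSL name implies.
# Ephemeral (EC)DH suites and every TLS 1.3 suite (names starting "TLS_")
# provide forward secrecy; bare names such as AES256-GCM-SHA384 use static
# RSA key exchange, which testssl.sh listed above as "KeyExch. RSA".
def forward_secrecy?(cipher_name)
  cipher_name.start_with?('ECDHE-', 'DHE-', 'EDH-', 'TLS_')
end

# Names of every suite the context would offer that lacks forward secrecy.
def non_pfs_ciphers(ctx)
  ctx.ciphers.map(&:first).reject { |name| forward_secrecy?(name) }
end

# Server-side context that offers only forward-secrecy suites on TLS 1.2+.
# The cipher string is an assumption for this example, not a smart-proxy setting.
def hardened_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  # !kRSA drops static RSA key exchange; the positive terms keep ephemeral suites only.
  ctx.ciphers = 'ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!kRSA:!MD5'
  # Refuse client-initiated renegotiation where the linked OpenSSL supports the option
  # (TLS 1.3 has no renegotiation at all, which is why s_client reports it unsupported).
  if OpenSSL::SSL.const_defined?(:OP_NO_RENEGOTIATION)
    ctx.options |= OpenSSL::SSL::OP_NO_RENEGOTIATION
  end
  ctx
end

# Constructed context reproducing the weak list from the testssl.sh table,
# plus one ECDHE suite, to show the check flags only the static-RSA entries.
def legacy_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = 'AES256-GCM-SHA384:AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'
  ctx
end

if __FILE__ == $PROGRAM_NAME
  puts "legacy context, no forward secrecy: #{non_pfs_ciphers(legacy_context).join(', ')}"
  puts "hardened context, no forward secrecy: #{non_pfs_ciphers(hardened_context).inspect}"
end
```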

As suggested, you should upgrade to the latest releases as older versions do have known security issues (see Foreman :: Security for the full list).
Additionally, for future reference, any security concerns should be sent to the Foreman security team directly by mail and not shared on a public forum post.

1 Like

Thank you very much for the help and the instructions! Very fast response from you guys!

1 Like