Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-72839

Server skips peer certificate validation if neither CAFile nor clusterCAFile is provided

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 7.1.0-rc4, 7.0.6, 5.0.25, 4.4.29, 6.0.14
    • Affects Version/s: 7.0.5, 6.0.13, 5.0.24, 4.4.28
    • Component/s: None
    • Labels:
      None
    • Server Security
    • Fully Compatible
    • ALL
    • v7.0, v6.0, v5.0, v4.4, v4.2
    • Security 2023-01-23, Security 2023-02-06, Security 2023-02-20, Security 2023-03-06, Security 2023-03-20, Security 2023-04-03, Security 2023-04-17, Security 2023-05-01, Security 2023-05-15, Security 2023-05-29, Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24, Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18

      Issue summary SERVER-72839

      Starting mongod with TLS now requires specifying a certificate authority:

      A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured (CVE-2024-1351) .

      The expected behavior is that this configuration should have validated client certificates against the system CA store.

      Atlas clusters are not affected by this vulnerability.

      Changes in valid configurations:

      This behavior is fixed in version 4.4.29, 5.0.25, 6.0.14 and 7.0.6.

      As a result of this fix, MongoDB no longer supports a configuration that enables TLS without explicitly specifying a chain of trust. The server now only allows the following configuration options / server parameter when TLS is configured (.net.tls.mode is 'allowTLS' or greater):

      • (Config) .net.tls.CAFile
      • (Config) .net.tls.CAFile and .net.tls.clusterCAFile
      • (Server Parameter) tlsUseSystemCA

      A server in this invalid configuration will fail to start and generate the following error message in the log file:

      The use of TLS without specifying a chain of trust is no longer supported. See "https://jira.mongodb.org/browse/SERVER-72839 for details."
      

      Configuring a server to validate client certificates against the system CA now requires the usage of a new server parameter named tlsUseSystemCA.

      Next Steps:

      To configure a server to use the System CA, start the server with the tlsUseSystemCA server parameter set to true. (See the --setParameter mongod option)

      Note that some applications may have been inadvertently using this behavior to allow connections using certificates which are invalid. As such, correctly configuring a server to use the System CA will result in client connections failing.

      Troubleshooting

      If client connections start failing after setting the tlsUseSystemCA parameter, then clients are presenting invalid certificates that are not valid according to the system CA.

      If client connections start failing after setting the tlsUseSystemCA parameter - users may want to:

      1. Restart the server with the net.tls.allowInvalidCertificates option in the server configuration file to allow client connections with invalid certificates.
      2. Note that the use of net.tls.allowInvalidCertificates is fundamentally unsafe. This option should only be enabled on an interim basis to allow for investigating why certificates are not valid according to the System CA. The net.tls.allowInvalidCertificates should be removed as soon as possible.
      3. Review certificates being provided by clients to assess why they are failing System CA validation.

      Previous Description:

      The documentation says that:

      If --tlsCAFile or tls.CAFile is not specified and you are not using x.509 authentication, the system-wide CA certificate store will be used when connecting to an TLS-enabled server.

      However, when a server is configured with neither CAFile nor clusterCAFile, it will skip peer certificate validation on both ingress and egress TLS connections. The expectation is that on egress connection, the node (client) should at least verify the peer (server's) certificate using the system CA cert store.

      Note, this only applies to server processes (mongod and mongos), the shell is not affected.

            Assignee:
            brad.moore@mongodb.com Brad Moore
            Reporter:
            erwin.pe@mongodb.com Erwin Pe
            Votes:
            0 Vote for this issue
            Watchers:
            19 Start watching this issue

              Created:
              Updated:
              Resolved: