| शीर्षक | Cesanta Mongoose 7.20 Improper Verification of Cryptographic Signature |
|---|
| विवरण | The mg_aes_gcm_decrypt() function in /src/tls_aes128.c never verifies the GCM authentication tag during decryption, completely bypassing the authentication guarantee of the AEAD cipher. The function's signature does not even accept a tag or associated data (AAD) parameter, and internally hardcodes tag_len = 0 and tag_buf = NULL. By contrast, the corresponding mg_aes_gcm_encrypt() function correctly accepts and generates tags with AAD, creating a stark asymmetry where outgoing records are properly tagged but incoming records are never authenticated. Because AES-GCM uses AES-CTR mode for encryption, this allows a man-in-the-middle attacker to perform bit-flipping attacks on any TLS record, modifying encrypted data in transit with byte-level precision, and the device running Mongoose will accept the tampered record as authentic. This renders TLS connections using the built-in TLS implementation with AES-128-GCM completely unauthenticated.
Vendor was made aware of the vulnerability and a patch was released in version 7.21 |
|---|
| स्रोत | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Mongoose/AESGCM.md |
|---|
| उपयोगकर्ता | dwbruijn (UID 93926) |
|---|
| सबमिशन | 03/04/2026 07:25 AM (3 महीनों पहले) |
|---|
| संयम | 24/04/2026 09:13 PM (22 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359529 [Cesanta Mongoose तक 7.20 GCM Authentication Tag /src/tls_aes128.c mg_aes_gcm_decrypt कमजोर प्रमाणीकरण] |
|---|
| अंक | 20 |
|---|