Miggo Logo

CVE-2022-22935: SaltStack Salt Improper Authentication via Man in the Middle Attack

3.7

CVSS Score
3.1

Basic Information

EPSS Score
0.18494%
Published
3/30/2022
Updated
10/22/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
saltpip< 3002.83002.8
saltpip>= 3003, < 3003.43003.4
saltpip>= 3004, < 3004.13004.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient authentication in the minion-master handshake. Release notes explicitly mention adding signatures to authentication replies to mitigate MiTM attacks. The core issue would exist in functions handling authentication responses:

  1. Network-layer authentication processing (ZeroMQ channel)
  2. Cryptographic verification routines These components would be responsible for unsigned/improperly verified master responses in vulnerable versions. The high confidence comes from the explicit documentation of the security fix pattern (adding message signing) and Salt's known architecture.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in S*ltSt**k S*lt in v*rsions ***or* ****.*, ****.*, ****.*. * minion *ut**nti**tion **ni*l o* s*rvi** **n **us* * MiTM *tt**k*r to *or** * minion pro**ss to stop *y imp*rson*tin* * m*st*r.

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt *ut**nti**tion in t** minion-m*st*r **n*s**k*. R*l**s* not*s *xpli*itly m*ntion ***in* si*n*tur*s to *ut**nti**tion r*pli*s to miti**t* MiTM *tt**ks. T** *or* issu* woul* *xist in *un*tions **n*lin* *ut**nti*