Indy Node's vulnerability, CVE-2022-31020, allows remote code execution in versions <= 1.12.4. Learn about the impact, technical details, and mitigation steps for this high-severity flaw.
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the
pool-upgrade
request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. Learn more about the impact, technical details, and mitigation steps related to CVE-2022-31020.
Understanding CVE-2022-31020
This section provides detailed insights into the CVE-2022-31020 vulnerability affecting hyperledger's indy-node.
What is CVE-2022-31020?
CVE-2022-31020 involves a remote code execution vulnerability in Indy's NODE_UPGRADE transaction, allowing attackers to execute code on nodes within the network.
The Impact of CVE-2022-31020
The vulnerability has a high severity rating with a CVSS base score of 8.8. It poses a significant risk to confidentiality, integrity, and availability as attackers can execute code on network nodes.
Technical Details of CVE-2022-31020
Explore the technical aspects of the CVE-2022-31020 vulnerability affecting hyperledger's indy-node.
Vulnerability Description
The vulnerability arises from an improperly authenticated
pool-upgrade
request handler, enabling remote code execution on vulnerable nodes.
Affected Systems and Versions
Indy-Node versions up to and including 1.12.4 are impacted by this vulnerability.
Exploitation Mechanism
Attackers can exploit the vulnerability by sending malicious
pool-upgrade
transactions to the nodes, leveraging the lack of proper authentication.
Mitigation and Prevention
Discover the steps to mitigate and prevent the exploitation of CVE-2022-31020.
Immediate Steps to Take
Endorsers should avoid creating DIDs for untrusted users. Vulnerable ledgers should configure
auth_rules
to prevent new DIDs from being written until the network is upgraded.
Long-Term Security Practices
Implement robust authentication mechanisms, regularly update the network, and follow security best practices to enhance the overall security posture.
Patching and Updates
Upgrade to Indy-Node version 1.12.5 or newer, where the
pool-upgrade
request handler has been patched to properly authenticate transactions and prevent remote code execution.