Unrated severity · NVD Advisory · Published Nov 19, 2018 · Updated Sep 17, 2024

CVE-2018-1841

Description

IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Cloud Private 2.1.0 exposes the CA private key to local users due to world-readable permissions on the boot/master node.

Vulnerability

IBM Cloud Private 2.1.0 stores the Certificate Authority (CA) private key in the /etc/cfc directory on the boot/master node. The file permissions are not sufficiently restricted, making the key world-readable. This affects all installations of version 2.1.0. [1]

Exploitation

A local user with access to the boot/master node can read the CA private key by navigating to the /etc/cfc directory. No authentication beyond local login is required, as the file is world-readable. The attacker does not need special privileges or user interaction. [1]

Impact

Successful exploitation allows an attacker to obtain the CA private key, which can be used to decrypt sensitive communications or impersonate trusted services within the IBM Cloud Private environment. This constitutes a high confidentiality impact, with no impact on integrity or availability. [1]

Mitigation

IBM fixed the issue in version 3.1.0 and later. Users of 2.1.0.x should upgrade to 3.1.0 or later, available from IBM Passport Advantage. As a workaround, administrators can restrict file system permissions manually: chmod 0700 for all directories under /etc/cfc and chmod 0600 for all files under /etc/cfc. [1]
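
The workaround above as a repeatable check, added here as an example and not taken from IBM's advisory or tooling: it lists every file and directory under /etc/cfc that still grants group or other access, then applies the 0700/0600 modes. The function names cfc_audit and cfc_harden and the CFC_DIR variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not IBM code. CFC_DIR defaults to the directory named in
# the advisory; override it to check a copy or a test tree.
CFC_DIR="${CFC_DIR:-/etc/cfc}"

# Print (ls -ld format) every regular file or directory under $1 that
# grants any permission bit to group or other. Empty output means clean.
# Symlinks are skipped: only -type f and -type d entries are examined.
cfc_audit() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec ls -ld {} +
}

# Apply the advisory's workaround: 0700 on directories, 0600 on files.
# Run as the owner of the tree (root on a boot/master node).
cfc_harden() {
    find "$1" -type d -exec chmod 0700 {} + &&
    find "$1" -type f -exec chmod 0600 {} +
}

# Stand-alone use: "sh script.sh audit" or "sh script.sh harden".
case "${1:-}" in
    audit)  cfc_audit "$CFC_DIR" ;;
    harden) cfc_harden "$CFC_DIR" && cfc_audit "$CFC_DIR" ;;
esac
```

Running the audit again after an upgrade or a configuration change confirms that no file under the directory has reverted to a group- or world-accessible mode.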

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2


References

3
