In OPC UA, the address space refers to the data made available by the server to the client.
There are two levels of security involved.
The first level is the secure channel, which encompasses encryption, signature, and application authentication.
However, Asyncua did not implement it in the versions affected by this vulnerability.
The second level of security is user authentication and authorization. However,
using this second level was found to be unnecessary, since all services reserved for authenticated
clients could be accessed without it.
To sum up, anyone who knows the IP address of the server is able to access all data (if the server is running a vulnerable version).
#How was the vulnerability discovered?
During my experiments for my Ph.D., I identified this vulnerability and promptly alerted the maintainers
by creating an issue on Git, at their request.
#Reproduce:
To reproduce this vulnerability:
0/ send a hello message,
1/ create a secure channel (without encryption and without signature),
2/ create a session (no authentication required; activating a session is the operation that is used for authentication),
3/ use services provided by the server.
All of this is described in the issue
https://github.com/FreeOpcUa/opcua-asyncio/issues/1014
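
The missing server-side check, as an added example (not asyncua's code and not the fix from the issue): a gate that refuses every service request until ActivateSession has succeeded, replayed over a constructed message trace. The class, the check_user callback, the credentials and the one-session-per-connection model are assumptions; the status code values are the standard OPC UA ones.

```python
from enum import Enum, auto
# Standard OPC UA status code values.
GOOD = 0x00000000
BAD_IDENTITY_TOKEN_REJECTED = 0x80210000
BAD_SESSION_ID_INVALID = 0x80250000
BAD_SESSION_NOT_ACTIVATED = 0x80270000

class State(Enum):
    NO_SESSION = auto()
    CREATED = auto()      # CreateSession done, identity not yet verified
    ACTIVATED = auto()    # ActivateSession succeeded

class SessionGate:
    """Hypothetical per-connection gate; check_user is an assumed policy callback."""
    def __init__(self, check_user):
        self.state = State.NO_SESSION
        self.check_user = check_user

    def handle(self, request, identity=None):
        if request == "CreateSessionRequest":
            self.state = State.CREATED
            return GOOD
        if self.state is State.NO_SESSION:
            return BAD_SESSION_ID_INVALID
        if request == "ActivateSessionRequest":
            ok = self.check_user(identity)
            # A failed activation never leaves the session usable.
            self.state = State.ACTIVATED if ok else State.CREATED
            return GOOD if ok else BAD_IDENTITY_TOKEN_REJECTED
        # Every other service (Read, Browse, Write, ...) needs an activated session.
        if self.state is not State.ACTIVATED:
            return BAD_SESSION_NOT_ACTIVATED
        return GOOD  # the real service handler would be dispatched here

def replay(gate, trace):
    return [gate.handle(req, ident) for req, ident in trace]

# Constructed trace: steps 2 and 3 of the reproduction, then a proper login.
OPERATOR = ("operator", "constructed-password")   # constructed credentials
TRACE = [
    ("CreateSessionRequest", None),
    ("ReadRequest", None),                 # step 3 without ActivateSession
    ("ActivateSessionRequest", ("operator", "wrong")),
    ("BrowseRequest", None),
    ("ActivateSessionRequest", OPERATOR),
    ("ReadRequest", None),
]

if __name__ == "__main__":
    print([hex(c) for c in replay(SessionGate(lambda i: i == OPERATOR), TRACE)])
```

A server that behaves like the vulnerable versions described above would answer the second message of the trace with a good status instead of BadSessionNotActivated.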