vulnerability

Red Hat: CVE-2023-38201: challenge-response protocol bypass during agent registration (Multiple Advisories)

Name: Red Hat: CVE-2023-38201: challenge-response protocol bypass during agent registration (Multiple Advisories)
Creator: Red Hat
Published: 2023-08-25T00:00:00.000Z
Keywords: CVE, CWE-639, Red Hat, 2023, 38201, challenge, redhat-upgrade-keylime, redhat-upgrade-keylime-base, redhat-upgrade-keylime-registrar, redhat-upgrade-keylime-selinux, redhat-upgrade-keylime-tenant, redhat-upgrade-keylime-verifier, redhat-upgrade-python3-keylime, Severity 6

Try Surface Command

Back to search

Severity

CVSS

(AV:A/AC:L/Au:N/C:N/I:C/A:N)

Published

Aug 25, 2023

Added

Sep 13, 2023

Modified

Mar 27, 2026

Description

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.

Solutions

redhat-upgrade-keylimeredhat-upgrade-keylime-baseredhat-upgrade-keylime-registrarredhat-upgrade-keylime-selinuxredhat-upgrade-keylime-tenantredhat-upgrade-keylime-verifierredhat-upgrade-python3-keylime

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report