CWE-547
AllowedUse of Hard-coded, Security-relevant Constants
Abstraction: Base · Status: Draft
The product uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.
23 vulnerabilities reference this CWE, most recent first.
CVE-2019-14837 (GCVE-0-2019-14837)
Vulnerability from cvelistv5 – Published: 2020-01-07 16:33 – Updated: 2024-08-05 00:26| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://issues.jboss.org/browse/KEYCLOAK-10780 | x_refsource_CONFIRM |
| https://github.com/keycloak/keycloak/commit/9a7c1… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/KEYCLOAK-10780"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keycloak",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "before 8.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in keycloack before version 8.0.0. The owner of \u0027placeholder.org\u0027 domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name \u0027test\u0027 the email address will be \u0027service-account-test@placeholder.org\u0027."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-547",
"description": "CWE-547",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-07T16:33:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/KEYCLOAK-10780"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14837",
"datePublished": "2020-01-07T16:33:21.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-4C4V-FMMJ-PCVC
Vulnerability from github – Published: 2024-12-24 06:30 – Updated: 2024-12-24 06:30Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
{
"affected": [],
"aliases": [
"CVE-2024-41885"
],
"database_specific": {
"cwe_ids": [
"CWE-547"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-24T06:15:34Z",
"severity": "MODERATE"
},
"details": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0The seed string for the encrypt key was hardcoding.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.",
"id": "GHSA-4c4v-fmmj-pcvc",
"modified": "2024-12-24T06:30:43Z",
"published": "2024-12-24T06:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41885"
},
{
"type": "WEB",
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5R83-5392-H78W
Vulnerability from github – Published: 2025-03-13 18:32 – Updated: 2025-03-13 18:32Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.
{
"affected": [],
"aliases": [
"CVE-2025-2081"
],
"database_specific": {
"cwe_ids": [
"CWE-547"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-13T17:15:38Z",
"severity": "HIGH"
},
"details": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.",
"id": "GHSA-5r83-5392-h78w",
"modified": "2025-03-13T18:32:23Z",
"published": "2025-03-13T18:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2081"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7FM4-CPXV-5VQW
Vulnerability from github – Published: 2026-03-12 18:30 – Updated: 2026-03-27 12:31A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
{
"affected": [],
"aliases": [
"CVE-2026-28256"
],
"database_specific": {
"cwe_ids": [
"CWE-547"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-12T18:16:23Z",
"severity": "MODERATE"
},
"details": "A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.",
"id": "GHSA-7fm4-cpxv-5vqw",
"modified": "2026-03-27T12:31:06Z",
"published": "2026-03-12T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28256"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CF8F-W2C5-P5JR
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2023-11-06 13:10A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-14837"
],
"database_specific": {
"cwe_ids": [
"CWE-547",
"CWE-798"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-12T16:51:57Z",
"nvd_published_at": "2020-01-07T17:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in keycloack before version 8.0.0. The owner of \u0027placeholder.org\u0027 domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name \u0027test\u0027 the email address will be \u0027service-account-test@placeholder.org\u0027.",
"id": "GHSA-cf8f-w2c5-p5jr",
"modified": "2023-11-06T13:10:10Z",
"published": "2022-05-24T17:05:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14837"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://issues.jboss.org/browse/KEYCLOAK-10780"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "keycloak vulnerable to unauthorized login via mail server setup"
}
GHSA-FX46-WHRJ-73V5
Vulnerability from github – Published: 2018-07-24 20:06 – Updated: 2023-09-12 20:47All versions of html-janitor are vulnerable to cross-site scripting (XSS).
Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function."
Recommendation
Upgrade to version 2.0.4 or later.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2.0.4"
},
"package": {
"ecosystem": "npm",
"name": "html-janitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-0928"
],
"database_specific": {
"cwe_ids": [
"CWE-547",
"CWE-642"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:35:41Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "All versions of `html-janitor` are vulnerable to cross-site scripting (XSS).\n\nArbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.\"\n\n\n## Recommendation\n\nUpgrade to version 2.0.4 or later.",
"id": "GHSA-fx46-whrj-73v5",
"modified": "2023-09-12T20:47:14Z",
"published": "2018-07-24T20:06:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0928"
},
{
"type": "WEB",
"url": "https://github.com/guardian/html-janitor/issues/35"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/308158"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fx46-whrj-73v5"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/569"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Bypassing Sanitization using DOM clobbering in html-janitor"
}
GHSA-G4PF-CGVJ-HJJW
Vulnerability from github – Published: 2025-04-22 21:30 – Updated: 2025-04-22 21:30NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
{
"affected": [],
"aliases": [
"CVE-2025-23253"
],
"database_specific": {
"cwe_ids": [
"CWE-547"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-22T19:15:51Z",
"severity": "LOW"
},
"details": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.",
"id": "GHSA-g4pf-cgvj-hjjw",
"modified": "2025-04-22T21:30:44Z",
"published": "2025-04-22T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23253"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5644"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-H8QJ-4832-XWXP
Vulnerability from github – Published: 2025-03-13 18:32 – Updated: 2025-03-13 18:32Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
{
"affected": [],
"aliases": [
"CVE-2025-2079"
],
"database_specific": {
"cwe_ids": [
"CWE-547"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-13T17:15:38Z",
"severity": "HIGH"
},
"details": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.",
"id": "GHSA-h8qj-4832-xwxp",
"modified": "2025-03-13T18:32:23Z",
"published": "2025-03-13T18:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2079"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J752-CJCJ-W847
Vulnerability from github – Published: 2025-04-15 14:17 – Updated: 2025-04-23 15:09Summary
The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine.
Details
The Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly within its source code. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. It is recommended to replace the hardcoded secret with a securely generated value and load it from secure configuration storage to mitigate this vulnerability.
PoC
The core code snippet is shown below:
import jwt
def generate_jwt(appname):
payload = {
"SECRET_KEY":"SECRET_VALUE",
}
print("appname:", appname)
print("payload:", str(payload))
token = jwt.encode(payload, SECRET_KEY.format(APP_NAME=appname), algorithm="HS256")
return token
appname = "SECRET_KEY"
token = generate_jwt(appname)
print("url token:", token)
Impact
Attackers who successfully exploit this vulnerability can write arbitrary files to the host machine's file system, and all users with Dpanel versions less than 1.6.1 are affected.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/donknap/dpanel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-30206"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-453",
"CWE-547"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-15T14:17:25Z",
"nvd_published_at": "2025-04-15T20:15:39Z",
"severity": "CRITICAL"
},
"details": "### Summary\nThe Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine.\n\n### Details\nThe Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly within its source code. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. It is recommended to replace the hardcoded secret with a securely generated value and load it from secure configuration storage to mitigate this vulnerability.\n\n\n### PoC\nThe core code snippet is shown below:\n```python\nimport jwt\n\ndef generate_jwt(appname):\n\n payload = {\n \"SECRET_KEY\"\uff1a\"SECRET_VALUE\",\n }\n print(\"appname:\", appname)\n print(\"payload:\", str(payload))\n token = jwt.encode(payload, SECRET_KEY.format(APP_NAME=appname), algorithm=\"HS256\")\n return token\n\nappname = \"SECRET_KEY\"\ntoken = generate_jwt(appname)\nprint(\"url token:\", token)\n```\n\n### Impact\nAttackers who successfully exploit this vulnerability can write arbitrary files to the host machine\u0027s file system, and all users with Dpanel versions less than 1.6.1 are affected.",
"id": "GHSA-j752-cjcj-w847",
"modified": "2025-04-23T15:09:48Z",
"published": "2025-04-15T14:17:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30206"
},
{
"type": "PACKAGE",
"url": "https://github.com/donknap/dpanel"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3612"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Dpanel\u0027s hard-coded JWT secret leads to remote code execution"
}
GHSA-Q8W6-W55C-CCV5
Vulnerability from github – Published: 2026-05-11 14:42 – Updated: 2026-05-11 14:42CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks
Impact
The CertificationParameters.generate_challenge() method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay protection from TPM quote attestation.
An attacker with root access on a monitored agent node can exploit this by stockpiling valid TPM quotes (using tpm2_quote with the known nonce) before compromising the system, then replaying them to evade detection by the verifier. The push attestation timeout (~10s) constrains the generation window, but TPM throughput allows stockpiling ~50-200 quotes, enabling approximately 8-33 minutes of undetected compromise with default settings.
The attack is limited to a single agent node (AK signature binding prevents cross-agent replay). The pull-mode (legacy) attestation path is not affected.
Affected versions: >= 7.14.0, <= 7.14.1
CVSS: 6.3 Medium (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)
| Metric | Value | Rationale |
|---|---|---|
| AV | Local | Exploitation requires local access to the agent machine (stop agent, access TPM, run replacement). The network transmission of quotes to the verifier is normal protocol operation. |
| AC | Low | Deterministic attack: publicly visible nonce, standard tpm2-tools, no race conditions. |
| PR | High | Root on a legitimate enrolled node is required. The vulnerability does not help gain access -- it only helps evade detection after root is obtained. No value against a machine the attacker already controls. |
| UI | None | Fully automated after initial setup. |
| S | Unchanged | AK signature binding confines impact to the single compromised agent. |
| C | High | Compromised node continues receiving bootstrap keys, payloads, and secrets intended for trusted nodes. |
| I | High | Verifier cannot distinguish a healthy system from a fully compromised one during the evasion window. |
| A | Low | Only the compromised agent's revocation and incident response are suppressed; the system as a whole remains operational. |
The base score does not fully capture the operational severity: Keylime exists to detect machine compromise, so 8-33 minutes of undetected compromise is operationally critical. The fix is a one-line change and should be applied immediately regardless of the base score.
Patches
The fix restores the original random nonce generation (one-line change in keylime/models/verifier/evidence.py):
# Before (vulnerable):
def generate_challenge(self, bit_length):
# self.challenge = Nonce.generate(bit_length)
self.challenge = bytes.fromhex("49beed365aac777dae23564f5ad0ec")
# After (fixed):
def generate_challenge(self, bit_length):
self.challenge = Nonce.generate(bit_length)
Users should upgrade to the version containing this fix (7.14.2).
Workarounds
There is no complete workaround. The following existing mechanisms provide partial mitigation and are already active by default (no configuration needed):
- TPM clock monotonicity check limits each distinct stockpiled quote to a single use, bounding the total evasion time.
- Push attestation timeout (default 10s) prevents the attacker from going silent and constrains the quote generation window.
Reducing quote_interval increases the attestation frequency but does not prevent the stockpiling attack.
References
- CWE-329: Generation of Predictable IV/Nonce (primary -- hardcoded nonce in cryptographic attestation protocol)
- CWE-547: Use of Hard-Coded, Security-relevant Constants (hardcoded constant left in production code)
- CWE-294: Authentication Bypass by Capture-replay (consequence -- enables replay attacks)
- CWE-1241: Use of Predictable Algorithm in Random Number Generator
- Introducing commit:
2bf91197via PR #1814 - TCG TPM 2.0 Library Specification, Part 1, Section 18.4 (TPM2_Quote)
- IETF RATS Architecture (RFC 9334), Section 8 (Freshness)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.14.1"
},
"package": {
"ecosystem": "PyPI",
"name": "keylime"
},
"ranges": [
{
"events": [
{
"introduced": "7.14.0"
},
{
"fixed": "7.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6420"
],
"database_specific": {
"cwe_ids": [
"CWE-1241",
"CWE-294",
"CWE-329",
"CWE-547"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T14:42:46Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks\n\n### Impact\n\nThe `CertificationParameters.generate_challenge()` method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay protection from TPM quote attestation.\n\nAn attacker with root access on a monitored agent node can exploit this by stockpiling valid TPM quotes (using `tpm2_quote` with the known nonce) before compromising the system, then replaying them to evade detection by the verifier. The push attestation timeout (~10s) constrains the generation window, but TPM throughput allows stockpiling ~50-200 quotes, enabling approximately 8-33 minutes of undetected compromise with default settings.\n\nThe attack is limited to a single agent node (AK signature binding prevents cross-agent replay). The pull-mode (legacy) attestation path is not affected.\n\n**Affected versions:** \u003e= 7.14.0, \u003c= 7.14.1\n\n**CVSS:** 6.3 Medium (`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L`)\n\n| Metric | Value | Rationale |\n|---|---|---|\n| AV | Local | Exploitation requires local access to the agent machine (stop agent, access TPM, run replacement). The network transmission of quotes to the verifier is normal protocol operation. |\n| AC | Low | Deterministic attack: publicly visible nonce, standard `tpm2-tools`, no race conditions. |\n| PR | High | Root on a legitimate enrolled node is required. The vulnerability does not help gain access -- it only helps evade detection after root is obtained. No value against a machine the attacker already controls. |\n| UI | None | Fully automated after initial setup. |\n| S | Unchanged | AK signature binding confines impact to the single compromised agent. |\n| C | High | Compromised node continues receiving bootstrap keys, payloads, and secrets intended for trusted nodes. |\n| I | High | Verifier cannot distinguish a healthy system from a fully compromised one during the evasion window. |\n| A | Low | Only the compromised agent\u0027s revocation and incident response are suppressed; the system as a whole remains operational. |\n\nThe base score does not fully capture the operational severity: Keylime exists to detect machine compromise, so 8-33 minutes of undetected compromise is operationally critical. The fix is a one-line change and should be applied immediately regardless of the base score.\n\n### Patches\n\nThe fix restores the original random nonce generation (one-line change in `keylime/models/verifier/evidence.py`):\n\n```python\n# Before (vulnerable):\ndef generate_challenge(self, bit_length):\n # self.challenge = Nonce.generate(bit_length)\n self.challenge = bytes.fromhex(\"49beed365aac777dae23564f5ad0ec\")\n\n# After (fixed):\ndef generate_challenge(self, bit_length):\n self.challenge = Nonce.generate(bit_length)\n```\n\nUsers should upgrade to the version containing this fix (7.14.2).\n\n### Workarounds\n\nThere is no complete workaround. The following existing mechanisms provide partial mitigation and are already active by default (no configuration needed):\n\n1. **TPM clock monotonicity check** limits each distinct stockpiled quote to a single use, bounding the total evasion time.\n2. **Push attestation timeout** (default 10s) prevents the attacker from going silent and constrains the quote generation window.\n\nReducing `quote_interval` increases the attestation frequency but does not prevent the stockpiling attack.\n\n### References\n\n- CWE-329: Generation of Predictable IV/Nonce (primary -- hardcoded nonce in cryptographic attestation protocol)\n- CWE-547: Use of Hard-Coded, Security-relevant Constants (hardcoded constant left in production code)\n- CWE-294: Authentication Bypass by Capture-replay (consequence -- enables replay attacks)\n- CWE-1241: Use of Predictable Algorithm in Random Number Generator\n- Introducing commit: [`2bf91197`](https://github.com/keylime/keylime/commit/2bf91197) via [PR #1814](https://github.com/keylime/keylime/pull/1814)\n- TCG TPM 2.0 Library Specification, Part 1, Section 18.4 (TPM2_Quote)\n- IETF RATS Architecture (RFC 9334), Section 8 (Freshness)",
"id": "GHSA-q8w6-w55c-ccv5",
"modified": "2026-05-11T14:42:46Z",
"published": "2026-05-11T14:42:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keylime/keylime/security/advisories/GHSA-q8w6-w55c-ccv5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6420"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-6420"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889"
},
{
"type": "PACKAGE",
"url": "https://github.com/keylime/keylime"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Keylime has a hardcoded attestation challenge nonce that allows replay attacks"
}
Mitigation
Avoid using hard-coded constants. Configuration files offer a more flexible solution.
No CAPEC attack patterns related to this CWE.