PT-2024-10335 · Easy-Rsa+3 · Easy-Rsa+3

Published 2024-05-18 · Updated 2025-02-11 · CVE-2024-13454

CVSS v3.1: 5.3 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Easy-RSA versions 3.0.5 through 3.1.7

Description: Easy-RSA uses a weak encryption algorithm, cipher:des-ede3-cbc, to protect the private CA key when the key is created using OpenSSL 3. This lets a local attacker brute-force the private CA key more easily than with a modern cipher.

Recommendations: For Easy-RSA versions 3.0.5 through 3.1.7, consider updating to a version that uses a stronger encryption algorithm to mitigate the risk of brute-force attacks. As a temporary workaround, restrict the use of the build-ca command in Easy-RSA until a patch is available. Additionally, avoid using the weak cipher:des-ede3-cbc algorithm for key creation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
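A defender's first question is whether an existing CA key on disk was written with des-ede3-cbc. The script below is an added example, not code from Easy-RSA, OpenSSL or this advisory. It assumes the key is in one of the two PEM forms OpenSSL writes: a PKCS#8 "ENCRYPTED PRIVATE KEY" block (PBES2, where the cipher is an OID inside the DER), or a legacy block whose DEK-Info header names the cipher. The PKCS#8 blobs it tests on are constructed skeletons with dummy salt, IV and ciphertext, built only to exercise the parser; the OID-to-name table and the "weak"/"strong" verdict are the example's own.

```python
import base64
import re
import sys

# Cipher OIDs that can appear in the PBES2 encryptionScheme of a PKCS#8 key.
# des-ede3-cbc is the algorithm this advisory flags; AES is what a modern
# key should carry instead. (Table assembled for this example.)
WEAK_CIPHER_OIDS = {"1.2.840.113549.3.7": "des-ede3-cbc"}
STRONG_CIPHER_OIDS = {
    "2.16.840.1.101.3.4.1.2": "aes-128-cbc",
    "2.16.840.1.101.3.4.1.22": "aes-192-cbc",
    "2.16.840.1.101.3.4.1.42": "aes-256-cbc",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)


def der_length(buf, pos):
    """Return (length, position after the length field) for a DER TLV at pos."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def decode_oid(content):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    first = content[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def collect_oids(buf, pos=0, end=None, found=None):
    """Walk DER TLVs, descending into constructed types, and collect every OID.
    Primitive types (OCTET STRING ciphertext, INTEGER iteration counts) are skipped."""
    end = len(buf) if end is None else end
    found = [] if found is None else found
    while pos < end:
        tag = buf[pos]
        length, pos = der_length(buf, pos + 1)
        if tag == 0x06:
            found.append(decode_oid(buf[pos:pos + length]))
        elif tag & 0x20:  # constructed: SEQUENCE, SET, explicit context tags
            collect_oids(buf, pos, pos + length, found)
        pos += length
    return found


def inspect_private_key_pem(pem_text):
    """Return (verdict, cipher): verdict is 'weak', 'strong', 'unknown' or 'unencrypted'."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    dek = re.search(r"^DEK-Info:\s*([A-Za-z0-9-]+)", body, re.MULTILINE)
    if dek:  # legacy PEM: cipher is named in the header
        cipher = dek.group(1).lower()
    elif label == "ENCRYPTED PRIVATE KEY":  # PKCS#8: cipher is an OID in the DER
        oids = collect_oids(base64.b64decode("".join(body.split())))
        names = {**WEAK_CIPHER_OIDS, **STRONG_CIPHER_OIDS}
        cipher = next((names[o] for o in oids if o in names), "unknown")
    else:
        return "unencrypted", None
    if cipher.startswith("des"):
        return "weak", cipher
    if cipher.startswith("aes"):
        return "strong", cipher
    return "unknown", cipher


# --- constructed samples (not real keys) -----------------------------------
def der(tag, content):
    """Minimal DER TLV encoder, used only to build the samples below."""
    n = len(content)
    length = bytes([n]) if n < 0x80 else (b"\x81" + bytes([n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + length + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, (a & 0x7F) | 0x80)
            a >>= 7
        out.extend(chunk)
    return der(0x06, bytes(out))


def build_sample_pkcs8(cipher_oid):
    """Build an EncryptedPrivateKeyInfo skeleton (PBES2 + PBKDF2) carrying cipher_oid.
    Salt, IV, iteration count and ciphertext are dummy bytes: a constructed sample."""
    iv_len = 8 if cipher_oid in WEAK_CIPHER_OIDS else 16
    pbkdf2 = der(0x30, encode_oid("1.2.840.113549.1.5.12") + der(0x30, der(0x04, b"\x00" * 8) + der(0x02, b"\x08\x00")))
    scheme = der(0x30, encode_oid(cipher_oid) + der(0x04, b"\x00" * iv_len))
    pbes2 = der(0x30, encode_oid("1.2.840.113549.1.5.13") + der(0x30, pbkdf2 + scheme))
    epki = der(0x30, pbes2 + der(0x04, b"\x00" * 32))
    return "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.encodebytes(epki).decode() + "-----END ENCRYPTED PRIVATE KEY-----\n"


LEGACY_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python check_ca_key.py pki/private/ca.key
        with open(sys.argv[1]) as f:
            print(inspect_private_key_pem(f.read()))
    else:
        print("pkcs8/3des :", inspect_private_key_pem(build_sample_pkcs8("1.2.840.113549.3.7")))
        print("pkcs8/aes  :", inspect_private_key_pem(build_sample_pkcs8("2.16.840.1.101.3.4.1.42")))
        print("legacy/3des:", inspect_private_key_pem(LEGACY_SAMPLE))
```

The check needs no passphrase, because PBES2 stores the cipher AlgorithmIdentifier in the clear ahead of the ciphertext; `openssl asn1parse -in ca.key` shows the same OBJECT fields by hand. A "weak" verdict on a CA key is the cue to re-encrypt it under AES (for example by exporting and re-importing it with `openssl pkey` and a stronger cipher option), which changes only the at-rest protection, not the key itself.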

Weakness Enumeration

Inadequate Encryption Strength

Related Identifiers

BDU:2025-00815
CVE-2024-13454

Affected Products

Astra Linux
Debian
Easy-Rsa
Openssl