Full Report
Some applications have very strong security requirements: the operator of a machine should be able to execute code on it without being able to see what that code is processing. Projects such as Secret Network rely on secure enclaves for exactly this property, so that compromising the host server gives an attacker nothing. Enclaves run in a very locked-down environment; on AWS Nitro, the parent instance can only talk to the enclave over a virtual socket (vsock). Each enclave can produce an attestation document that carries its measurements in Platform Configuration Registers (PCRs): for example the hash of the enclave image, the hash of the kernel and bootstrap code, and the certificate the image was signed with.

Evervault is a platform built on top of AWS Nitro enclaves. It provides the scaffolding and infrastructure that lets a client connect to an enclave over HTTPS: the attestation document is included in the TLS handshake, and the key used to establish the connection must match the key in the attestation document. Beyond that, the application still has to check the PCR values against the ones it expects.

The Go library for doing this PCR validation has a convenient feature: it only compares the PCRs you ask it to. If you leave an expected PCR as an empty string, it is treated as a wildcard and considered valid. That convenience carries a cost in complexity: what if a malicious host returns an empty string? If the user expected a value to be there but the document's value was an empty string, the remote PCR validation would still pass. The public bug report is linked in the references below. In practice the vulnerability only affects applications that check PCR8, because any document with a valid AWS signature must contain PCR0-2, and at least one PCR must be present in the document. Overall, an interesting bug, found by really understanding the threat model.
Analysis Summary
# Vulnerability: Validation Bypass in Evervault-Go PCR Verification
## CVE Details
- **CVE ID:** CVE-2025-64186
- **CVSS Score:** Not explicitly listed in text (Estimated Medium/High based on enclave protection bypass)
- **CWE:** CWE-20: Improper Input Validation / CWE-345: Insufficient Verification of Data Authenticity
## Affected Systems
- **Products:** Evervault Go SDK (`evervault-go`)
- **Versions:** Versions prior to the fixed release (refer to the GitHub advisory for the exact tags)
- **Configurations:** Applications using the Go library to verify AWS Nitro Enclave attestation documents, specifically those relying on PCR (Platform Configuration Register) validation.
## Vulnerability Description
The vulnerability exists in the `pcrNotEqual` logic within the `evervault-go` library. When comparing the user-provided "expected" PCR values against the values found in a remote attestation document, the library's comparison function incorrectly treats an empty string as a "skip" or "wildcard" for both the trusted user input **and** the untrusted document input.
Because the logic returns `false` (indicating no inequality) if either compared value is an empty string, a malicious host can provide an attestation document with missing or empty PCR values. This causes the client to skip validation for those fields, effectively bypassing the integrity checks for the enclave image, kernel, or signature.
## Exploitation
- **Status:** PoC available (described in the technical write-up); vulnerability identified during audit.
- **Complexity:** Medium
- **Attack Vector:** Network (Targeting the TLS/Attestation handshake between a client and a malicious or compromised enclave host).
## Impact
- **Confidentiality:** High (If PCR validation is bypassed, a client may send sensitive data to a malicious enclave masquerading as a secure one).
- **Integrity:** High (The client fails to verify that the code running in the enclave is the expected, original version).
- **Availability:** Low (Primary impact is on trust and security guarantees).
## Remediation
### Patches
- Users should update `evervault-go` to the version addressing **GHSA-88h9-77c7-p6w4**.
### Workarounds
- Until the library is updated, wrap the verification call: before handing the attestation document's PCRs to the library, reject the document if any register you pin (in particular PCR8) is absent or an empty string, so that only the caller-supplied expectation can act as a wildcard.
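The following Go program is an added illustration of the comparison flaw described under Vulnerability Description and of the strict wrapper suggested as a workaround; it is not code from evervault-go or from the technical write-up. It reconstructs a comparison with the described behaviour (`vulnerableNotEqual`) beside a corrected one (`fixedNotEqual`), drives both with a generic `validatePCRs` over a constructed attestation document that omits PCR8, and also shows that a document signed with a different certificate is rejected either way. The `PCRSet` type, all function names and the placeholder PCR values are assumptions made for this example; the library's real types and function bodies may differ.

```go
package main

import (
	"fmt"
	"strings"
)

// PCRSet holds the Nitro PCRs an enclave client commonly pins. The type is
// invented for this example; it is not evervault-go's own struct.
type PCRSet struct {
	PCR0 string // hash of the enclave image file
	PCR1 string // hash of the kernel and bootstrap code
	PCR2 string // hash of the application
	PCR8 string // hash of the certificate the enclave image was signed with
}

// vulnerableNotEqual reproduces the behaviour described in the advisory: an
// empty string on EITHER side means "nothing to compare", so a document that
// omits a register the caller pinned is silently accepted.
func vulnerableNotEqual(expected, got string) bool {
	if expected == "" || got == "" {
		return false
	}
	return expected != got
}

// fixedNotEqual lets only the trusted, caller-supplied expectation act as a
// wildcard. A pinned value with no counterpart in the document is a mismatch.
func fixedNotEqual(expected, got string) bool {
	if expected == "" {
		return false
	}
	return expected != got
}

// validatePCRs runs the supplied comparison over every register and returns
// the first mismatch. Taking the comparison as a parameter lets one driver
// exercise both the vulnerable and the fixed logic.
func validatePCRs(expected, doc PCRSet, notEqual func(string, string) bool) error {
	checks := []struct{ name, exp, got string }{
		{"PCR0", expected.PCR0, doc.PCR0},
		{"PCR1", expected.PCR1, doc.PCR1},
		{"PCR2", expected.PCR2, doc.PCR2},
		{"PCR8", expected.PCR8, doc.PCR8},
	}
	for _, c := range checks {
		if notEqual(c.exp, c.got) {
			return fmt.Errorf("%s mismatch: expected %q, document has %q", c.name, c.exp, c.got)
		}
	}
	return nil
}

// fakePCR builds a constructed placeholder measurement. Real Nitro PCRs are
// 96 hex characters (SHA-384); these values exist only for the example.
func fakePCR(hexDigit string) string { return strings.Repeat(hexDigit, 96) }

// expectedPCRs is the "trust any image signed by our certificate" policy:
// the image measurements are left empty (wildcard) because they change on
// every build, and only PCR8, the signing certificate, is pinned.
func expectedPCRs() PCRSet {
	return PCRSet{PCR8: fakePCR("d")}
}

// genuineDocument is a constructed attestation document from an image signed
// with the expected certificate.
func genuineDocument() PCRSet {
	return PCRSet{PCR0: fakePCR("a"), PCR1: fakePCR("b"), PCR2: fakePCR("c"), PCR8: fakePCR("d")}
}

// maliciousDocument is what a hostile host can present: PCR0-2 are present
// (the AWS signature requires them) but belong to a different, unsigned
// image, and PCR8 is absent, so its value arrives as the empty string.
func maliciousDocument() PCRSet {
	return PCRSet{PCR0: fakePCR("1"), PCR1: fakePCR("2"), PCR2: fakePCR("3"), PCR8: ""}
}

// wrongCertDocument is an image signed with some other certificate; both
// comparisons reject it, which is why the bug is specifically about omission.
func wrongCertDocument() PCRSet {
	d := maliciousDocument()
	d.PCR8 = fakePCR("e")
	return d
}

func main() {
	exp := expectedPCRs()
	for _, tc := range []struct {
		label string
		doc   PCRSet
	}{
		{"genuine, signed with pinned cert", genuineDocument()},
		{"PCR8 omitted by host", maliciousDocument()},
		{"signed with another cert", wrongCertDocument()},
	} {
		fmt.Printf("%-34s vulnerable: %v\n", tc.label, validatePCRs(exp, tc.doc, vulnerableNotEqual))
		fmt.Printf("%-34s fixed:      %v\n", tc.label, validatePCRs(exp, tc.doc, fixedNotEqual))
	}
}
```

Running it shows the genuine document passing both comparisons, the document with PCR8 omitted passing only the vulnerable one, and the document with a foreign signing certificate failing both. The asymmetry in `fixedNotEqual` is the whole fix: the wildcard belongs to the side the client controls, never to the side the host controls.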
## Detection
- **Indicators of Compromise:** Attestation documents received from enclaves that lack PCR8 values or other expected platform configuration registers.
- **Detection Methods:** Audit Go dependencies for `evervault-go` and check for the `pcrNotEqual` implementation. Ensure that the logic explicitly fails if an expected PCR value is provided but the document's PCR value is empty.
## References
- Vendor Advisory: https://github[.]com/evervault/evervault-go/security/advisories/GHSA-88h9-77c7-p6w4
- Technical Write-up: https://joranhonig[.]nl/not-so-secure-enclaves/
- Security Handbook: https://docs[.]bluethroatlabs[.]com/