UPDATE: Version 1.6.6 is now released and contains an additional mitigation against this issue. We recommend upgrading.
- Patches were applied to address this vulnerability on June 18, 2021, and September 20, 2021.
- Exploitation required specific conditions and detailed information about a target.
- We have no evidence that this vulnerability was ever exploited in the wild.
- Our roots are now fully patched and additional mitigations are in place.
- We will release a patch today that contains endpoint mitigations rendering the attack impossible. Upgrading is strongly recommended.
It was possible for an attacker to impersonate a ZeroTier node and inject packets into a network, under very specific circumstances. It required the generation of an identity whose address collides with another authorized node on a network, a task demanding significant compute resources, and detailed knowledge of the authorized member list for a target network.
Conditions Required for Attack
The following conditions were required to be true at the same time:
- The attacker has generated an identity collision with an attacking address.
- The attacking address must be authorized to the victim's network.
- Network rules must allow communication between attacker and victim.
- For bi-directional communication, the attacker must establish a direct peer-to-peer link to the victim before the victim has established one with the authentic node.
- The victim does not have the real identity of the attacking address cached. This can occur if they have not communicated for 30 days or more.
- The roots must permit multiple valid identities with the same address.
To demonstrate the attack, Pulse Security generated two arbitrary colliding identities and pre-seeded an environment. This is significantly easier than targeting an existing identity, due to the birthday paradox. Attacking a live target would have been considerably more expensive, but not outside the reach of a well-resourced attacker.
Mitigations So Far
- Removed all support on roots for multiple identities with the same address.
- Re-enabled full identity verification for all nodes connected to roots (this was done in June in response to the original report).
- Implemented a mitigation in the ZeroTier core to render this attack impossible even in the presence of a colliding address or improperly configured roots. This will be released later today. Upgrading is recommended but not required.
- Going forward we are planning to add tests for these scenarios to our validation pipeline.
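To make the attack conditions and the root-side mitigation concrete, here is an added toy model (not ZeroTier's code): an address is a truncated hash of a public key, a root either accepts or refuses a second identity for an already-registered address, and a peer checks its identity cache with the 30-day ageing described above. The 1-byte address width, the key strings and the cache layout are assumptions made for the demonstration.

```python
import hashlib
# Added toy model of the address-collision scenario; not ZeroTier's code.
# ASSUMPTION: an address is a truncated hash of the node's public key. The toy
# keeps 1 byte so a collision is cheap to construct for the demonstration.
ADDR_BYTES = 1
CACHE_TTL = 30 * 24 * 3600  # page: a cached identity ages out after 30 days

def address_of(pubkey: bytes) -> bytes:
    return hashlib.sha256(pubkey).digest()[:ADDR_BYTES]

def colliding_identity(target_pubkey: bytes) -> bytes:
    """Constructed second identity whose toy address equals the target's."""
    target, i = address_of(target_pubkey), 0
    while True:
        candidate = b"constructed-key-%d" % i
        if candidate != target_pubkey and address_of(candidate) == target:
            return candidate
        i += 1

class Root:
    """Identity directory; allow_multiple=True models roots before the patch."""
    def __init__(self, allow_multiple: bool):
        self.allow_multiple = allow_multiple
        self.identities = {}  # address -> set of registered pubkeys

    def register(self, pubkey: bytes) -> bool:
        known = self.identities.setdefault(address_of(pubkey), set())
        if known and pubkey not in known and not self.allow_multiple:
            return False  # mitigation: one identity per address, first wins
        known.add(pubkey)
        return True

    def is_valid(self, pubkey: bytes) -> bool:
        return pubkey in self.identities.get(address_of(pubkey), set())

class Peer:
    """Victim-side cache: address -> (pubkey, last_seen_seconds)."""
    def __init__(self, root: Root):
        self.root, self.cache = root, {}

    def accept(self, pubkey: bytes, now: float) -> bool:
        """Accept a root-known identity that no fresh cache entry contradicts."""
        if not self.root.is_valid(pubkey):
            return False
        addr = address_of(pubkey)
        cached = self.cache.get(addr)
        if cached and cached[0] != pubkey and now - cached[1] < CACHE_TTL:
            return False  # the cached identity pins the address while fresh
        self.cache[addr] = (pubkey, now)
        return True
```

With `allow_multiple=True` the colliding identity registers and is accepted once the victim's cache entry is older than `CACHE_TTL`; with the patched behaviour the root refuses the second identity, so the peer never sees it as valid regardless of cache age.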
We would like to take a moment to thank Pulse Security for bringing this issue to our attention and providing detailed information to assist us in developing a fix.
Security is of critical importance to us. Expect a complete postmortem with additional details and discussion soon.