CVE-2026-1709
Keylime · Keylime Registrar
The Keylime registrar fails to enforce client-side TLS authentication. This allows unauthenticated attackers to perform administrative operations, including deleting agents and retrieving TPM data.
Executive summary
A critical authentication bypass in the Keylime registrar allows unauthenticated network attackers to perform unauthorized administrative actions and compromise the integrity of the attestation framework.
Vulnerability
The registrar's API does not require clients to present a TLS client certificate, so a connection is never bound to a trusted identity (tenant or verifier). Any client with network access to the registrar can therefore execute administrative operations without authenticating: listing registered agents, retrieving the public TPM data stored for each of them, and deleting agents.
Business impact
The registrar holds the record of which agents exist and the TPM identity data registered for each, so unauthenticated access to it undermines the entire Trusted Platform Module (TPM) attestation chain rather than a single host. With a CVSS score of 9.4, this flaw allows the unauthorized removal of trusted nodes, which breaks attestation for those hosts until they re-register, and the exposure of the TPM identity data held for every registered agent; that data is public-key material, but it enumerates and identifies the attested fleet.
Remediation
Immediate Action: Update Keylime to a version that fixes this issue and confirm that the registrar requires and verifies a client certificate on its administrative API. Verify this behaviourally rather than by reading the configuration: a connection that presents no client certificate, or one not issued by the CA the registrar trusts, must be rejected before any administrative request is answered.
Proactive Monitoring: Audit registrar logs for administrative requests originating from clients that did not present a valid certificate. Note that a registrar that never demanded a certificate may not have recorded its absence, so also review the source addresses of administrative requests (agent deletions in particular) against the hosts that legitimately run the tenant and verifier, and treat any other source as suspect.
Compensating Controls: Restrict network access to the Keylime registrar using firewalls or VPC security groups to ensure only authorized internal components can communicate with it.
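The check described under Immediate Action, as an added example that is not Keylime's code (Keylime itself is written in Python; Go is used here because its standard library can generate the certificates needed to run the demo offline). A stand-in HTTPS server plays the registrar's TLS admin endpoint with the two settings under discussion, `tls.NoClientCert` (the vulnerable behaviour) and `tls.RequireAndVerifyClientCert` (the enforced one), and a probe sends a DELETE with no client certificate to each. The `/v2.1/agents/` path and the JSON bodies are constructed for the demo and are assumptions, as are the self-signed certificates:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSignedCert makes a throwaway ECDSA certificate that is its own CA. Demo
// assumption only: a deployment issues certificates from a real CA and trusts that CA.
func selfSignedCert(cn string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IsCA:         true, BasicConstraintsValid: true,
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// pool turns a certificate into a trust store for the other side of the connection.
func pool(c tls.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(c.Leaf)
	return p
}

// startRegistrar runs a stand-in for the registrar's TLS admin endpoint (a
// hypothetical stub, not Keylime's code). clientAuth is the setting under test:
// tls.NoClientCert reproduces the flaw, tls.RequireAndVerifyClientCert the fix.
func startRegistrar(serverCert tls.Certificate, clientCA *x509.CertPool, clientAuth tls.ClientAuthType) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/v2.1/agents/", func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodDelete { // admin operation: remove an agent
			fmt.Fprint(w, `{"code":200,"status":"Success"}`)
			return
		}
		// admin operation: list agents (constructed sample data)
		fmt.Fprint(w, `{"code":200,"status":"Success","results":{"uuids":["agent-0001","agent-0002"]}}`)
	})
	srv := httptest.NewUnstartedServer(mux)
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{serverCert}, ClientCAs: clientCA, ClientAuth: clientAuth}
	srv.StartTLS()
	return srv
}

// probeAdminAPI sends one admin request, with or without a client certificate,
// and returns the HTTP status and body. Any error counts as "rejected": under
// TLS 1.3 the client's handshake returns before the server checks for a
// certificate, so the "certificate required" alert only surfaces once the
// request is written and the reply read. A nil error with clientCert == nil is the bypass.
func probeAdminAPI(baseURL, method string, serverCA *x509.CertPool, clientCert *tls.Certificate) (int, string, error) {
	cfg := &tls.Config{RootCAs: serverCA}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}, Timeout: 5 * time.Second}
	req, _ := http.NewRequest(method, baseURL+"/v2.1/agents/", nil)
	resp, err := client.Do(req)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body), nil
}

func main() {
	serverCert, _ := selfSignedCert("registrar-demo")
	tenantCert, _ := selfSignedCert("tenant-demo")
	for _, auth := range []tls.ClientAuthType{tls.NoClientCert, tls.RequireAndVerifyClientCert} {
		srv := startRegistrar(serverCert, pool(tenantCert), auth)
		status, body, err := probeAdminAPI(srv.URL, http.MethodDelete, pool(serverCert), nil)
		fmt.Printf("ClientAuth=%d anonymous DELETE -> status=%d body=%q err=%v\n", auth, status, body, err)
		srv.Close()
	}
}
```

Against a real deployment, point `probeAdminAPI` at the registrar's TLS API port with the CA that signed its server certificate and no client certificate: a 200 response carrying the agent list is the bypass, a TLS error such as "certificate required" or "bad certificate" is enforcement, and a second run with a certificate from a CA the registrar does not trust must also fail. The probe deliberately sends a full request rather than stopping after the handshake, because with TLS 1.3 a handshake that "succeeds" from the client's side proves nothing about whether the server will demand a certificate.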
Exploitation status
Public Exploit Available: No
Analyst recommendation
The administrative nature of this bypass (deleting agents and enumerating TPM identity data without any credential) makes it a high-priority risk. Organizations relying on Keylime for system integrity must update their deployments immediately and confirm by test, not just by configuration review, that the registrar rejects administrative requests from clients without a trusted TLS client certificate.