We could suggest providing a cert in the osquery configurati

Question

We could suggest providing a cert in the osquery configuration as a workaround This would prevent the MITM attack that is possible due to the bug

seph · Answer

I m not sure what you mean

zwass · Answer

As of now if a cert is not specified an attacker can use any cert that is trusted by the system root The cert doesn t have to match the domain the agent is trying to connect to

seph · Answer

Right I m not sure what you mean by providing a cert

seph · Answer

oh you re suggesting people ship the cert and set the commandline config to use it as a mitigation

zwass · Answer

Correct

seph · Answer

` tls server certs` does seem like a reasonable mitigation

Jams · Answer

What mitigation do you recommend for osquery agents communicating with an AWS endpoint and managed certs by Amazon

zwass · Answer

Can you download the cert chain and provide it to ` tls server certs`

Jams · Answer

I ll take a look