CVE-2025-44005: GetTokenID Silent Error Bypass
greprules fetch cve-2025-44005-cve-2025-44005-gettokenid-silent-error-bypass --engine opengrep
Description
GetTokenID errors are silently ignored: the entire one-time-token reuse check is gated on `err == nil`. Any provisioner whose GetTokenID returns an error (e.g. ACME, SCEP) completely bypasses token validation and silently receives a nil (success) return, enabling unauthenticated certificate signing (CVE-2025-44005). Replace the if-init pattern with a separat
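The pattern described above, next to a fail-closed form, as an added example that is not the affected project's code. The types `provisioner`, `tokenProv`, `noTokenProv` and `usedTokens` are hypothetical stand-ins, and because the fix text on this page is cut off, the hardened function is an assumption about what a separate error check would look like.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the provisioner types; only GetTokenID is named on the page.
type provisioner interface{ GetTokenID(token string) (string, error) }

type tokenProv struct{}   // models a provisioner that issues one-time tokens
type noTokenProv struct{} // models one whose GetTokenID always errors (e.g. ACME, SCEP)

func (tokenProv) GetTokenID(tok string) (string, error) { return "id-" + tok, nil }
func (noTokenProv) GetTokenID(string) (string, error)   { return "", errors.New("no token ID") }

// usedTokens records token IDs that have already been redeemed.
type usedTokens map[string]bool

// Flagged pattern: the reuse check only runs inside the err == nil branch.
func checkVulnerable(p provisioner, used usedTokens, tok string) error {
	if id, err := p.GetTokenID(tok); err == nil {
		if used[id] {
			return errors.New("token already used")
		}
		used[id] = true
	}
	return nil // also reached when GetTokenID failed: the error is dropped
}

// Fail-closed form (assumed): handle the error first, then run the reuse check.
func checkFixed(p provisioner, used usedTokens, tok string) error {
	id, err := p.GetTokenID(tok)
	if err != nil {
		return fmt.Errorf("token rejected: %w", err)
	}
	if used[id] {
		return errors.New("token already used")
	}
	used[id] = true
	return nil
}

func main() {
	used := usedTokens{}
	fmt.Println("vulnerable:", checkVulnerable(noTokenProv{}, used, "t"))
	fmt.Println("fixed:", checkFixed(noTokenProv{}, used, "t"))
}
```
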
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided