[Bug]: Insecure remote configuration fetch allows MitM config tampering

[verovaleros]

Bug Description

ConfigurationManager._fetch_remote_configuration() in netsecgame/game/configuration_manager.py fetches configuration over plaintext HTTP and accepts remote data without authentication or integrity verification.

Current flow (configuration_manager.py:48-90):

• Uses http://{service_host}:{service_port}/cyst_init_objects.
• Accepts response JSON and immediately loads it into:
  • env.configuration.general.load_configuration(config_data)
  • ConfigParser(config_dict=config_data)
• Uses broad except Exception with fallback to local file, which can mask security-relevant remote-fetch failures.
• Logs full fetched config data at debug level (Received config data: {config_data}).

Security impact:

• On-path attacker can tamper with remote configuration and influence goals, rewards, starting positions, topology, and security toggles.
• Failure handling may hide remote tampering/fetch failures behind local fallback.
• Debug logging may expose sensitive configuration details.

Steps to Reproduce

1. Start coordinator with remote config service configured (service_host, service_port).
2. Intercept traffic between coordinator and config service.
3. Tamper with HTTP response to /cyst_init_objects.
4. Return crafted JSON that changes rewards/win conditions/starting positions/security flags.
5. Observe coordinator loads attacker-controlled config.

Expected Behavior

1. Use authenticated secure transport for remote config fetch (TLS + service authentication).
2. Enforce integrity verification before loading config.
3. Avoid broad exception swallowing that masks deliberate remote fetch failures.
4. Do not log full remote configuration payloads.
5. If fallback to local config occurs after remote failure, emit explicit high-visibility warning with security context.

Version

Current main branch (as of 2026-03-05)

Installation / Deployment Method

Running locally from source

[verovaleros]

Originally reported by @msladic1.