DH key exchange with only one end authenticated

Question

We know there is a man in the middle vulnerability with unauthenticated DH key establishment. And the way to negate that is to use authenticate the keys used. But what if I only verify the signature of one end. Is there any vulnerability then?

EDIT: To be clear, I am not referring to the fact that the authenticated party does not know who its talking to. I am specifically thinking about a cryptographic vulnerability where someone who does not have control over the machine (of the unauthenticated end) can do some damage.

Answer 1

…what if I only verify the signature of one end?

Bob would not be able to know if he is looking at a signature by Eve, or if it’s a valid signature coming from Alice. In case if Eve is messing with the exchange, Eve would be able to inject her own (as it is handled non-authenticated) and Eve would be able to verify that it’s Bob on the other end (which boils down to “non-deniability”). Depending on the individual situation, these can be a real neck-breakers.

Is there any vulnerability then?

Yes! As described above, there is a vulnerability in that case because one authenticated party would be “talking” to an non-authenticated other party… whoever that may be. That’s why authentication is regarded to be so important in the realms of cryptography – to detect if Eve is messing with things.