Hard News Hard Hitting News Source Global Political News

NSA warns of heightened wildcard TLS certificate risk

The US National Security Agency (NSA) is warning organizations to avoid using wildcard digital encryption certificates in order to minimize the risk from a new form of TLS traffic decryption attacks.

As they cover multiple domains, so-called ‘wildcard’ TLS certificates remove the need for an organization to obtain a certificate for every subdomain they own.

While common practice among enterprises, wildcard certs were recently revealed to open the door to a hacking technique dubbed ‘ALPACA’ (Application Layer Protocols Allowing Cross-Protocol Attack).

NSA warning

“Wildcard certificates have legitimate uses, but can confer risk from poorly secured servers to other servers in the same certificate’s scope,” warned an alert (PDF) from the NSA this week.

ALPACA is a technique used to exploit hardened web applications through non-HTTP services secured using the same or a similar Transport Layer Security (TLS) certificate.

This attack, discovered in June and demonstrated at Black Hat USA, allows threat actors to confuse machine identities that run multiple protocols and trick servers into responding to encrypted HTTPS requests via unencrypted protocols.

These unencrypted responses offer a means for miscreants to capture cookies and private user data.

Don’t show your hand

The use of wildcard certificates to verify web server identities during the TLS handshake process increases the risk from ALPACA-style attacks, so administrators are urged to review their environments and check their usage.
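
The usage review described above can start from a simple inventory check. The following is an added example, not code from the NSA alert or the original article: it flags non-HTTP endpoints whose certificate would also validate for an HTTPS hostname. The inventory, hostnames and protocol labels are constructed assumptions.

```python
"""Flag TLS certificates on non-HTTP services that are also valid for HTTPS hostnames."""


def san_matches(pattern, hostname):
    """Match a certificate name against a hostname: '*' is honoured only as
    the entire leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])


# Constructed inventory (assumption): (hostname, port, protocol label, SANs on
# the certificate that endpoint serves). In practice this comes from a scan.
INVENTORY = [
    ("www.example.com", 443, "https", ["*.example.com"]),
    ("shop.example.com", 443, "https", ["shop.example.com"]),
    ("ftp.example.com", 21, "ftp", ["*.example.com"]),
    ("mail.example.com", 993, "imap", ["mail.example.com"]),
    ("smtp.example.net", 25, "smtp", ["*.example.net"]),
]


def cross_protocol_exposure(inventory):
    """Return (web_host, other_endpoint, protocol, san) for every non-HTTP
    endpoint whose certificate would also validate for an HTTPS hostname."""
    web_hosts = sorted({h for h, _, proto, _ in inventory if proto == "https"})
    findings = []
    for host, port, proto, sans in inventory:
        if proto == "https":
            continue  # only certificates served by non-HTTP services matter here
        for san in sans:
            for web in web_hosts:
                if san_matches(san, web):
                    findings.append((web, f"{host}:{port}", proto, san))
    return findings


if __name__ == "__main__":
    for web, endpoint, proto, san in cross_protocol_exposure(INVENTORY):
        print(f"{web}: {proto} endpoint {endpoint} serves a certificate "
              f"valid for this name ({san})")
```

In the sample data, shop.example.com is flagged even though it serves its own single-name certificate, because the wildcard on the FTP endpoint still covers its hostname. Narrowing the certificate on the non-HTTP service is what clears the finding.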

Wildcard certificates have long been frowned upon from a secure development perspective, but the NSA’s latest announcement acts as an indication that this attack vector may be one to watch over the coming months.

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, commented: “Typically, organisations use wildcard certificates to reduce costs and because security teams find them helpful to manage their machine identities.”

Bocek continued: “However, it is a double-edged sword: because they are so easy to use, often security teams forget to monitor them regularly. Without proper security, control, and monitoring of wildcard certificates, cybercriminals can exploit them in other attacks – such as phishing.”

Source: https://portswigger.net/daily-swig/nsa-warns-of-heightened-wildcard-tls-certificate-risk
