HomesecurityZero-Day bug in Verisign & IaaS services lets hackers fix ...

Zero-Day bug in Verisign & IaaS services lets hackers fix fake domains

A critical zero-day bug that affected her Verisign and many IaaS services such as Google, Amazon, and DeigitalOcean let hackers register homographs (.com and .net).

Successful registration of these domain homographs resembles the same well-known domains and sub domains that are used to perform social engineering and internal attacks and are similar procedure with the IDN homograph attack.

Researchers have identified several domain names that have been active since 2017 with an HTTPS certificate that mimics the various domains that include financial, marketplace Internet, technology and other Fortune 100 sites.

Matt Hamilton, a researcher from Soluble, found that several Generic top-level domains (gTLDs) can be registered using the Unicode Latin IPA Extension character and was also able to register the following domain names.

The above listed domains are identical to the original original domains but essentially made using the Unicode Latin IPA.

Similarly, the researcher looked at about 300 significant domains and vulnerability is believed to be used only in campaigns social engineering high targeting that they intend to install malware and steal sensitive data.

According to the detailed report "It seems that Verisign and other providers did not know the so-called" homoglyphs "in the character set Unicode Latin IPA Extension".

Enter the domain domain with a mixture of Unicode and Latin characters

Basically, Verisign is blocking them users register domains that use mixed scripts such as “” using Cyrillic “о”.


However, due to the zero-day bug, it was possible to register a domain with a combination of Unicode and Latin characters, since the Unicode characters were the same in Latin.

Companies like Verisign impose explicit measures against homographs (banning mixed scripts) because they do not want similar domains in the gTLD. The public services that exist in a communal root, such as “”, “” or other services that allow users to create arbitrary sub domains should apply the same restrictionsSaid the researcher.

This bug not only affected VeriSign's gTLDs but most likely any TLD that allows for IPA Latin characters.

This vulnerability is considered zero day, as multiple occurrences of certificate logs were detected HTTPS through Certificate Transparency, as well as an "informal" library JavaScript hosted in a "prominent domain".

Teo Ehc
Be the limited edition.