The National Security Service of USA (NSA) warns of the dangers of using long-range certificates to authenticate multiple servers in an organization.
In a document released last week, the agency provides mitigation against the risks posed by the use of broadband certificates. These include a recently unveiled ALPACA technique, which could be used for a variety of motion redirection attacks.
The organization refers to the risks involved in wildcards or multi-domain digital certificates, which validate the server identity to allow a reliable, secure connection through the Transport Layer Security (TLS) cryptographic protocol.
In a presentation two months ago, researchers showed that TLS servers running different protocols but with compatible certificates could be exploited by attacking application-level protocol content confusion.
They named the technique ALPACA, an abbreviation for application-level protocols that allow attacking between protocols, noting that a malicious agent who meets certain conditions could steal cookies or perform cross-site scripting attacks.
A digital wildcard certificate can be used with multiple subdomains in the same domain, so it can cover multiple servers (eg email, FTP, applications), while a multi-domain certificate is used for multiple domains in one IP address.
The NSA says [PDF] that “ALPACA is a complex class of exploitation techniques that can take many formsAnd that a realistic scenario for such an attack would require the following:
- A destination web application that uses TLS
- Another service / application (usually not a web server) that presents a valid TLS certificate with a subject name that would be valid for the targeted web application, such as when wildcards are too wide
- A tool for the malicious actor to redirect the victim network traffic to the destination web application in the second service (most likely achieved by DNS poisoning or human compromise)
- An HTTP request accepted by the second service, resulting in at least part of the request being reflected back to the sender
A malicious agent who meets these "relatively unusual conditions" will be able to perform at least phishing, watering hole, malicious advertising or man-in-the-middle (MitM) attacks.
Using the ALPACA technique, an adversary could make the victim's web browser trust and execute responses that are reflected by a malicious service that is signed with the correct certificate.
This opens the door to stealing session cookies, user private data and executing arbitrary code within a vulnerable server.