HomesecurityNSA: What are the dangers of long-range certificates?

NSA: What are the dangers of long-range certificates?

The National Security Service of USA (NSA) warns of the dangers of using long-range certificates to authenticate multiple servers in an organization.


See also: NSA, CISA: Guidelines for Enhancing Security of VPN Solutions

In a document released last week, the agency provides mitigation against the risks posed by the use of broadband certificates. These include a recently unveiled ALPACA technique, which could be used for a variety of motion redirection attacks.

The organization refers to the risks involved in wildcards or multi-domain digital certificates, which validate the server identity to allow a reliable, secure connection through the Transport Layer Security (TLS) cryptographic protocol.

In a presentation two months ago, researchers showed that TLS servers running different protocols but with compatible certificates could be exploited by attacking application-level protocol content confusion.

They named the technique ALPACA, an abbreviation for application-level protocols that allow attacking between protocols, noting that a malicious agent who meets certain conditions could steal cookies or perform cross-site scripting attacks.

See also: Microsoft: Half of all cyber-attacks in the United States come from Russia

A digital wildcard certificate can be used with multiple subdomains in the same domain, so it can cover multiple servers (eg email, FTP, applications), while a multi-domain certificate is used for multiple domains in one IP address.

wide-ranging certificates

The NSA says [PDF] that “ALPACA is a complex class of exploitation techniques that can take many formsAnd that a realistic scenario for such an attack would require the following:

  • A destination web application that uses TLS
  • Another service / application (usually not a web server) that presents a valid TLS certificate with a subject name that would be valid for the targeted web application, such as when wildcards are too wide
  • A tool for the malicious actor to redirect the victim network traffic to the destination web application in the second service (most likely achieved by DNS poisoning or human compromise)
  • An HTTP request accepted by the second service, resulting in at least part of the request being reflected back to the sender

A malicious agent who meets these "relatively unusual conditions" will be able to perform at least phishing, watering hole, malicious advertising or man-in-the-middle (MitM) attacks.

See also: How phishing-as-a-service is a threat to organizations

Using the ALPACA technique, an adversary could make the victim's web browser trust and execute responses that are reflected by a malicious service that is signed with the correct certificate.

This opens the door to stealing session cookies, user private data and executing arbitrary code within a vulnerable server.

Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement