CAPEC 459 Creating a Rogue Certification Authority Certificate

Draft Detailed Medium Risk

Severity Very High

Description

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their \'to be signed\' parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

Attack Execution Flow

Step 1

Experiment

[Craft Certificates] The adversary crafts two different, but valid X.509 certificates that when hashed with an insufficiently collision resistant hashing algorithm would yield the same value.

Step 2

Experiment

[Send CSR to Certificate Authority] The adversary sends the CSR for one of the certificates to the Certification Authority which uses the targeted hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the adversary which is signed with its private key.

Step 3

Exploit

[Insert Signed Blob into Unsigned Certificate] The adversary takes the signed blob and inserts it into the second X.509 certificate that the attacker generated. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob is valid in the second certificate. The result is two certificates that appear to be signed by a valid certificate authority despite only one having been signed.

CAPEC 459 Creating a Rogue Certification Authority Certificate

Description

Attack Execution Flow

Step 1

Step 2

Step 3

Mitigations

Certification Authorities Need To Stop Using Deprecated Or Cryptographically Insecure Hashing Algorithms To Hash The Certificates That They Are About To Sign. Instead They Should Be Using Stronger Hashing Functions Such As Sha-256 Or Sha-512.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

CAPEC 459 Creating a Rogue Certification Authority Certificate

Description

Attack Execution Flow

Step 1

Step 2

Step 3

Mitigations

Certification Authorities Need To Stop Using Deprecated Or Cryptographically Insecure Hashing Algorithms To Hash The Certificates That They Are About To Sign. Instead They Should Be Using Stronger Hashing Functions Such As Sha-256 Or Sha-512.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

Iscriviti alla newsletter