TLS certificates running longer than domain ownership could lead to MitM and DoS attacks

News by Rene Millman

Researchers warn that hackers could mount attacks on production sites using security certificates that outlast domain ownership, enabling the creation of imposter sites.

Security certificates that outlast domain ownership could result in hackers mounting attacks against an organisation, according to security researchers.

A web site set up by security researchers Ian Foster and Dylan Ayrey to publicise the issue explains that if a company acquires a previously owned domain, the previous owner could still have valid certificates, which could allow them to carry out a MitM attack on the SSL connection with their prior certificate.

They also said that if a certificate has a subject alt-name for a domain no longer owned by the certificate user, it is possible to revoke the certificate that has both the vulnerable alt-name and other domains. "You can DoS the service if the shared certificate is still in use!" they added.

The researchers also posted a PDF of presentation they gave at the recent Defcon conference. In this document, the researchers showed how they looked at three million domains and 7.7 million certificates to see what percentage of these pre-dated the domain registration and continued to be valid. They found that 1.5 million domains did so with 25 per cent of them not expiring at the time of the investigation.

To further illustrate the issue, researchers bought an old domain and then tried to revoke a test certificate. Digicert would only revoke certificates if the researchers replied to an email address the researchers had no control over. Comodo required the researchers to check account ownership, while Let’s Encrypt required proof of domain ownership. The latter is now considering a policy change in light of the researchers’ findings.

The researchers have published a tool called Bygone SSL to help organisations with the issue by showing an up to date view of affected domains and certificates using publicly available DNS data and Certificate Transparency logs.

"BygoneSSL will demonstrate how widespread the issue is, let domain owners determine if they could be affected, and can be used to track the number of affected domains over time," they said.

The researchers said that registrars could help alleviate the issue by showing per-existing certificates for domain registrations and include related alt-names. "Cas should not issue certificates valid fo longer than domain registration," they added.

Craig Stewart, EMEA VP at Venafi, told SC Media UK that this sort of threat comes when organisations don’t have control over their certificates – particularly those who are still trying to manage them manually.

"Research has found that 56 percent of companies still manage at least some of their certificates manually, which is a recipe for disaster. Given the tsunami of certificates that companies are generating on a daily basis, there is simply no way for humans to be able to keep up with so many certificates and some will inevitably slip through the cracks and opening the door to MitM attacks or other threats," he said.

Paul Ducklin, senior security advisor at Sophos, told SC Media UK that in theory, any company that has issued a certificate - a so-called CA or Certificate Authority - is supposed to revoke it when the domain it refers to expires or is transferred to someone else, "but what if they forget?" he said.

"If BygoneSSL certificates for your domain don't get revoked, a previous owner could, in theory, set up a site that's an imposter of yours and present a still-valid certificate that makes people think it's the real deal."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews