CAPEC-459 Détail

CAPEC-459

Nom

Creating a Rogue Certification Authority Certificate

Probabilité d'attaque

Moyen

Gravité typique

Statut

Draft

Publié

2014-06-23
00h00 +00:00

Modifié

2022-09-29
00h00 +00:00

Liens officiels

CAPEC Mitre.org

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CAPEC ID que vous désirez surveiller.

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Descriptions du CAPEC

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

Informations du CAPEC

Flux d'exécution

1) Experiment

[Craft Certificates] The adversary crafts two different, but valid X.509 certificates that when hashed with an insufficiently collision resistant hashing algorithm would yield the same value.

2) Experiment

[Send CSR to Certificate Authority] The adversary sends the CSR for one of the certificates to the Certification Authority which uses the targeted hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the adversary which is signed with its private key.

3) Exploit

[Insert Signed Blob into Unsigned Certificate] The adversary takes the signed blob and inserts it into the second X.509 certificate that the attacker generated. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob is valid in the second certificate. The result is two certificates that appear to be signed by a valid certificate authority despite only one having been signed.

Conditions préalables

Certification Authority is using a hash function with insufficient collision resistance to generate the certificate hash to be signed

Compétences requises

Understanding of how to force a hash collision in X.509 certificates
An attacker must be able to craft two X.509 certificates that produce the same hash value
Knowledge needed to set up a certification authority

Ressources nécessaires

Knowledge of a certificate authority that uses hashing algorithms with poor collision resistance
A valid certificate request and a malicious certificate request with identical hash values

Atténuations

Certification Authorities need to stop using deprecated or cryptographically insecure hashing algorithms to hash the certificates that they are about to sign. Instead they should be using stronger hashing functions such as SHA-256 or SHA-512.

Faiblesses connexes

CWE-ID	Nom de la faiblesse
CWE-327	Use of a Broken or Risky Cryptographic Algorithm The product uses a broken or risky cryptographic algorithm or protocol.
CWE-295	Improper Certificate Validation The product does not validate, or incorrectly validates, a certificate.
CWE-290	Authentication Bypass by Spoofing This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Références

REF-395

MD5 Considered Harmful Today: Creating a Rogue CA Certificate
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger.
http://www.phreedom.org/research/rogue-ca/

REF-587

MD5 considered harmful today
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger.
https://www.win.tue.nl/hashclash/rogue-ca/#Ref

Soumission

Nom	Organisation	Date	Date de publication
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Nom	Organisation	Date	Commentaire
CAPEC Content Team	The MITRE Corporation	2017-05-01 +00:00	Updated Description Summary
CAPEC Content Team	The MITRE Corporation	2018-07-31 +00:00	Updated References
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Consequences, Description, Example_Instances, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Resources_Required, Skills_Required, Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated Description, Execution_Flow
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description, Execution_Flow, Extended_Description
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Example_Instances

Détail du CAPEC-459