Original URL: http://www.theregister.co.uk/2008/12/29/ca_mozzilla_cert_snaf/

CA issues no-questions asked Mozilla cert

Snafu highlights wider trust problem

By John Leyden

Posted in Security, 29th December 2008 11:32 GMT

Security researchers have uncovered weaknesses in low-assurance digital certificates that create a means for miscreants to mount more convincing man-in-the-middle (MITM) attacks.

MITMs involve a hacker planting himself between two parties in a dialogue, relaying messages between them and effectively controlling the conversation. The approach might be used, for example, to trick a user into handing over online banking login credentials in the mistaken belief that they are talking directly to a financial institution.

Normally untrusted certificates from an unknown issuer are used by fraudster sites in these kind of scenarios. This would generate error messages or warnings that flag up possible problems, at least to the more internet-savvy.

These types of warnings disappear if miscreants add a legitimately-issued certificate into the mix.

You might think security credential firms would be wise to this kind of ruse and in most cases they probably are but security blogger Eddy Nigg discovered that he was able to get a low-assurance digital certificate for Mozilla.com. The certificate was issued by a reseller of digital certificate firm Comodo. Nigg was shocked that the approach was successful.

"Five minutes later I was in the possession of a legitimate certificate issued to mozilla.com - no questions asked - no verification checks done - no control validation - no subscriber agreement presented, nothing," he writes.

"With the understanding about MITM attacks, the severity of this practice is obvious. No encryption is worth anything if an attacker can implant himself between the client and the server. With a completely legitimate and trusted certificate, the attack is perfect. No warning and no error."

Nigg got the idea of asking for a certificate in the name of Mozilla after obtaining another certificate from the same reseller in the name of his own firm, Startcom, in order to investigate a separate fraudulent reminder email problem.

Comodo revoked the offending certificate after Nigg posted his findings on the mozilla.dev.tech.crypto mailing list and in a blog posting, with screenshots, here. An incident report on the issue has been filed with Mozilla.

In a statement, Comodo said that it had suspended the reseller involved in the incident as part of a wider investigation.

The certificates were obtained by a competing Certificate Authority (“CA”) attempting to demonstrate a perceived vulnerability in one of our Registration Agent’s (“RA”) systems and procedures. In this isolated incident the certificates were issued as a result of the RA’s automatic DV mechanism being bypassed by an accident on their part. Fortunately the CA did not intend to and did not use the certificates in a commercial setting. As soon as Comodo discovered the error with the certificate, the certificate was revoked and the RA’s account with Comodo was suspended eliminating any chance that the mistake could be repeated. Comodo immediately launched an internal investigation to find the cause of the mis-issued certificate.

The mis-issued certificates are anomalies. Comodo and its partners issue thousands of correctly validated certificates each month. The RA’s account will remain suspended until Comodo is satisfied that the certificates issued were the result of unintentional errors made by the RA and that any vulnerability in the RA’s systems and procedures has been eliminated.

Possible shortcomings with low-assurance certificates are well known and are the reason vendors offer more expensive extended validation certificates, where checks on a users' bona-fides are made. That low-assurance certs might be issued without any checks whatsoever does however come as something of an eye opener.

Comodo said that it was pushing for minimum standards for domain validation (DV) certificates.

The problem illustrated in this unfortunate event highlights the vulnerability inherent with DV certificates. All DV certificates are theoretically susceptible to this man in the middle (MITM) exploitation. While the CAB Forum, which was founded by Comodo, has established guidelines for highly validated Extended Validation (“EV”) Certificates, no minimum standard has been adopted. Earlier this month at the CAB Forum’s most recent meeting, Comodo put forward a minimum standard for all SSL certificates which, if adopted, would eliminate this MITM attack. DV certificates' susceptibility to MITM attacks is well known. Minimum standards are well overdue.

®