NSA is releasing this guidance as part of the mission to help secure the DoD, NSS and DIB. Administrators should warn the organisation against the use of wildcard TLS certificates and the ALPACA TLS attack.
The ALPACA method which attacks hardened web applications through non-HTTP services secured by a TLS certificate with the same scope as the web application, raises the danger of employing wildcard certificates with a broad scope.
This technique allows a threat actor to trick web servers that support multiple protocols into responding to encrypted HTTPS requests using unencrypted protocols including FTP, email (IMAP, POP3), and others.
The dangers of using wildcard TLS certificates
A wildcard certificate is a digital TLS certificate issued by businesses from certificate authorities that allows the owner to apply it to a domain and all of its subdomains at the same time. Companies have used wildcard certificates for years because they are less expensive and easier to maintain, since administrators can apply the same certificate to all servers rather than having to handle a separate certificate for each subdomain.
On Thursday,NSA published the statement about the previous Security researchers attacks, “A malicious cyber actor who obtains control of the private key associated with a wildcard certificate will be able to impersonate any of the sites represented, as well as gain access to valid user credentials and protected information”.
The Cybersecurity Information Sheet provides mitigations for poorly implemented certificates and ALPACA, including:
- Understanding the scope of each wildcard certificate used in your organization
- Using an application gateway or web application firewall in front of servers, including non-HTTP servers
- Using encrypted DNS and validating DNS security extensions to prevent DNS redirection
- Enabling Application-Layer Protocol Negotiation (APLN), a TLS extension that allows the server/application to specify permitted protocols where possible
- Maintaining web browsers at the latest version with current updates.