NSA warns of wildcard TLS certificates

This week the US National Security Agency (NSA) released a warning urging organizations in the country not to use wildcard TLS certificates because of a new TLS attack called ALPACA.

The NSA urges all agencies to follow its technical advice as attackers could gain access to and decrypt encrypted web traffic.

The dangers of using wildcard TLS certificates

Although there are many different scenarios and attacks that could help attackers decrypt TLS-encrypted traffic, the NSA specifically emphasized the use of wildcard TLS certificates, something that many security researchers have been warning about for years.

Also known as a domain-validated certificate, a wildcard certificate is a TLS digital certificate that companies purchase from certification authorities and that allows the holder to apply it simultaneously to a domain and all of its subdomains (*.example.com).

Over the years, companies have started using wildcard certificates because of the reduced cost but also because they are easier to manage, as administrators can apply the same certificate to all sites instead of having to manage a different one for each subdomain.

However, this ease of use is also the Achilles heel of the technology: once a malicious user breaches one server, they have breached virtually the entire company.

"A malicious user gaining control of a private key from a wildcard certificate will be able to impersonate any of the company's websites and gain access to valid user credentials and protected information," the NSA said Thursday.

The U.S. Department of Homeland Security is now calling on administrators of both public and private networks to re-evaluate the need to use a wildcard certificate on their networks and prepare for the implementation of individual certificates to isolate and mitigate potential breaches.
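To gauge the exposure described above, the following added example (not from the NSA advisory or the original article) lists, for each server in an inventory, which other hostnames a theft of its certificate's private key would put at risk. The inventory, hostnames and function names are constructed for illustration; matching assumes the usual rule that `*` covers exactly one leftmost label.

```python
"""Audit: which hostnames does each server's certificate key cover?"""

# Constructed sample data (hypothetical names): server -> SAN entries of the
# certificate whose private key is stored on that server.
INVENTORY = {
    "www.example.com": ["*.example.com", "example.com"],
    "ftp.example.com": ["*.example.com"],
    "mail.example.com": ["mail.example.com"],
    "pay.example.com": ["pay.example.com"],
}
# Constructed list of every hostname the organization serves over TLS.
HOSTNAMES = sorted(INVENTORY) + ["example.com", "api.dev.example.com"]


def san_matches(pattern, hostname):
    """True if a SAN entry covers hostname; '*' is only honoured as the
    entire leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def audit(inventory, hostnames):
    """Per server: does it hold a wildcard key, and which *other* hostnames
    are covered by the certificate stored on it?"""
    report = {}
    for server, sans in inventory.items():
        exposed = sorted(
            h for h in set(hostnames)
            if h != server and any(san_matches(s, h) for s in sans)
        )
        report[server] = {
            "wildcard": any(s.startswith("*.") for s in sans),
            "exposes": exposed,
        }
    return report


if __name__ == "__main__":
    for server, info in audit(INVENTORY, HOSTNAMES).items():
        flag = "WILDCARD" if info["wildcard"] else "single  "
        print(f"{server:18} {flag} exposes: {', '.join(info['exposes']) or '-'}")
```

Servers with an empty `exposes` list already hold individual certificates; the others are the candidates for the re-evaluation the advisory asks for.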

The new ALPACA attack

In addition, the NSA publication is accompanied by a warning about the new ALPACA attack (from Application Layer Protocol Content Confusion Attack), which was disclosed this summer, and about wildcard certificates.

Put simply, this attack lets an attacker confuse web servers that run multiple protocols into responding to encrypted HTTPS requests via unencrypted protocols such as FTP, email (IMAP, POP3) and more.

A successful attack "can extract session cookies and other private users or run arbitrary JavaScript on the vulnerable web server, bypassing TLS and web application security," according to the research team that discovered the ALPACA attack.

At the time it was revealed in June, the problem was not taken seriously because an ALPACA attack required attackers to be able to intercept web traffic, which is difficult in some scenarios.

But the research team that discovered the attack said more than 119,000 web servers were vulnerable to ALPACA attacks, a significant number.

Protection

Four months later, the NSA urges all agencies to think seriously about this issue, and to check if their servers are vulnerable, especially if the organizations are dealing with sensitive information or belong to the US government network.

The NSA recommends enabling Application-Layer Protocol Negotiation (ALPN), a TLS extension that prevents web servers from responding to requests via disallowed protocols (such as FTP, IMAP, or anything else the server owner decides not to allow).

Note that protection techniques for the ALPACA attack have already been implemented in the Chrome browser.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
