The National Security Agency (NSA) Advises Against Using Wildcard TLS Certificates

The National Security Agency (NSA) Advises Against Using Wildcard TLS Certificates

The National Security Agency (NSA) issued a warning against the wildcard TLS certificates usage, which may lead to the Application Layer Protocol Content Confusion Attack (ALPACA) TLS cyberattack.

A wildcard certificate is a digital TLS certificate issued by a certificate authority to businesses. A wildcard character can be used to apply this certificate to a domain and all of its underlying subdomains. It is effectively used to cut expenses and make management more effortless.

According to NSA, cybercriminals may use wildcard TLS certificates to decode TLS-encrypted communication. Anyone with a private key connected to a wildcard certificate can spoof the sites and access passwords and protected information. However, if an attacker uses that method to hack a server, they may compromise the entire business.

The National Security Agency (NSA) has issued a warning against using wildcard TLS certificates. It has also issued technical recommendations to help safeguard the Department of Defense, National Security Systems (NSS), and Defense Industrial Base (DIB).

The ALPACA attack was revealed in June and maybe exploited because of the use of wildcraft certificates. Here are a few highlights about this attack:

  • The attacker can use this technique to trick web servers running multiple protocols into responding to encrypted HTTPS requests using unencrypted protocols, including FTP, IMAP, and POP3.
  • Session cookies and other sensitive user information are extracted as a result.
  • Furthermore, it allows the attacker to run arbitrary JavaScript in the context of the exposed web server, allowing TLS and web app security to be bypassed.
  • Around 119,000 web servers are still vulnerable to the latest ALPACA attacks, according to experts. The alert advises businesses to examine their web servers for vulnerabilities.

The NSA advice includes security suggestions to assist companies in safeguarding their servers from the threats mentioned above. Using an application gateway or web application firewall, DNS encryption, DNS security validation extensions, and activating Application-Layer Protocol Negotiation (APLN) are among the mitigations proposed in the advisory. Apart from these safeguards, businesses should deploy the most recent security patches and upgrades as soon as they are available.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.