top | item 43738755

(no title)

0x0 | 10 months ago

So I guess you couldn't get certificates for any random (MX) domain, only for those where you can obtain an inbox / user account. Still really bad, especially for things like gmail.com, but also larger enterprises. Intense.

discuss

tptacek|10 months ago

It is unlikely that SSL.com would issue a certificate for any major mail host; it would be malpractice for them not to have some kind of exclusion list.

Issuing a Google certificate is a good way to get your whole CA killed.

AdamJacobMuller|10 months ago

Sure, gmail.com might be excluded, but its still a massive hole for a few reasons.

This would affect ANY email provider who offers public email addresses. While I agree gmail.com is probably excluded (and maybe this doesn't bypass CAA -- maybe it does) there's a whole additional surface of anyone who has an email at any big enterprise getting a certificate for their domain.

Even if I work at google.com, therefore have a google.com email, I should absolutely not be able to get a certificate for google.com just by getting an email at that company.

I doubt it's even /that hard/ to buy an email account at a big company like that in the underground world, it seems like they are valuable generally and any company with 200k employees is going to have some leaks. This massively increases the attack surface of a simple leaked email account (which might otherwise have very little or no access).

Crazy crazy oversight that has huge implications and is so easy to carry out that I would not be surprised if this was actually exploited by bad actors.

bawolff|10 months ago

> Issuing a Google certificate is a good way to get your whole CA killed.

Surely what happened here is a good way to get your CA killed? The linked bug seems pretty bad.

unit149|10 months ago

[deleted]

remram|10 months ago

Or any domain for which you can read an email sent to an inbox. I remember a few years ago an attack where the attacker would read email because a ticket would be created for incoming emails, and he could guess the next ticket ID to read it. A lot of platform that aren't email providers still allow emails in (e.g. GitHub, GitLab). This looks like a rather widely-applicable attack.

edit: I was thinking about this: https://news.ycombinator.com/item?id=41818459

cperciva|10 months ago

Or potentially one where you could subscribe to a mailing list. Which includes a lot of very important open source software projects.

mukesh610|10 months ago

Even then, use of a DNS CAA record should mitigate this, right?

AdamJacobMuller|10 months ago

Maybe?

I wouldn't assume that the bug doesn't bypass CAA checking.

Very important question to answer.

jsheard|10 months ago

Yeah - unless you're an actual SSL.com customer, in which case your CAA records would allow it. That's a much smaller blast radius at least.

mcpherrinm|10 months ago

I couldn’t reproduce the attack with a pair of my own domains, so I think it might be even narrower in scope than the initial post suggests. But I suppose we will just have to wait to see what the CA says.

thayne|10 months ago

> Out of an abundance of caution, we have disabled domain validation method 3.2.2.4.14 that was used in the bug report for all SSL/TLS certificates while we investigate.

I think they have already addressed the bug.