Translation by LLM of the post on Chinese forum V2EX:
LiteSSL appears to be a CA that only emerged last year. It provides free TrustAsia-backed wildcard certificates issued via ACME.
However, in my testing, its ACME server very frequently errors out with:
> Too many concurrent connections from IP 10.254.14.70 (limit: 10),
> urn:ietf:params:acme:error:rateLimited:concurrent
This clearly indicates a backend misconfiguration: LiteSSL incorrectly treats the reverse proxy’s internal IP as the client’s real IP when applying rate limits.
More seriously, LiteSSL has a *critical authentication vulnerability*.
Its DNS-01 challenge cache appears to have a very long validity period, and it does *not* verify that a certificate issuance request comes from the same ACME account that completed the original DNS-01 challenge. As a result, anyone can arbitrarily re-issue (steal-sign) certificates that were originally issued via DNS-01.
You can browse certificates issued by this CA here (ECC/RSA behave similarly). Pick any certificate with a wildcard domain, and you can re-issue it using your own LiteSSL ACME account without triggering validation:
ericdiao|1 month ago
<del>No post / incident on CA/Browser Forum also.</del>
Edit: Incident on dev-security-policy@moz: https://groups.google.com/a/mozilla.org/g/dev-security-polic...
---
Translation by LLM of the post on Chinese forum V2EX:
LiteSSL appears to be a CA that only emerged last year. It provides free TrustAsia-backed wildcard certificates issued via ACME.
However, in my testing, its ACME server very frequently errors out with:
> Too many concurrent connections from IP 10.254.14.70 (limit: 10), > urn:ietf:params:acme:error:rateLimited:concurrent
This clearly indicates a backend misconfiguration: LiteSSL incorrectly treats the reverse proxy’s internal IP as the client’s real IP when applying rate limits.
More seriously, LiteSSL has a *critical authentication vulnerability*.
Its DNS-01 challenge cache appears to have a very long validity period, and it does *not* verify that a certificate issuance request comes from the same ACME account that completed the original DNS-01 challenge. As a result, anyone can arbitrarily re-issue (steal-sign) certificates that were originally issued via DNS-01.
You can browse certificates issued by this CA here (ECC/RSA behave similarly). Pick any certificate with a wildcard domain, and you can re-issue it using your own LiteSSL ACME account without triggering validation:
[https://crt.sh/?CN=%25&iCAID=438132](https://crt.sh/?CN=%25&iCAID=438132)
`ssyhwa.cloudns.cl` is a temporary domain I created for testing; it has already passed DNS-01 validation and can reproduce the issue.
`*.vaadd.com` was a randomly selected victim domain, and I was also able to successfully steal its certificate.