Failure to follow chain of trust in certificate validation

From OWASP
Revision as of 17:21, 24 September 2008 by KirstenS

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Last revision (mm/dd/yy): 09/24/2008


Description

Failure to follow the chain of trust when validating a certificate results in the trust of a given resource which has no connection to trusted root-certificate entities.

Consequences

  • Authentication: Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source.
  • Accountability: Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.

Exposure period

  • Design: Proper certificate checking should be included in the system design.
  • Implementation: If use of SSL (or similar) is simply mandated by design and requirements, it is the implementor's job to properly use the API and all its protections.

Platform

  • Languages: All
  • Platforms: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.

Severity

Medium

Likelihood of exploit

Low

If a system fails to follow the chain of trust of a certificate to a root server, the certificate loses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust, with a reputable trusted entity at the end of that chain. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate.

In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate-wielding resource is at the other end of the chain.

If the user receives a certificate at the end of one of these trust chains and then proceeds to check only the first link in the chain, no real trust has been derived, since the chain must be traversed to a trusted source to verify the certificate.


Risk Factors

TBD

Examples

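/* Vulnerable: a self-signed certificate in the chain is treated as valid. */
if ((cert = SSL_get_peer_certificate(ssl)) && host) {
  foo = SSL_get_verify_result(ssl);
  /* Accepting X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN means the chain never reached a trusted root. */
  if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo)) {
    // do stuff
  }
}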
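The chain walk described above, as a simplified model in C. This is an added example, not code from the original OWASP page or from OpenSSL. The `cert_t` struct, its `sig_ok` flag (standing in for a real signature check), the function names and the certificate names are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): sig_ok stands in for "the signature
   verifies under the key of the named issuer". Names are constructed. */
typedef struct { const char *subject, *issuer; int sig_ok; } cert_t;
static const char *TRUSTED_ROOTS[] = { "Example Root CA" };
/* Leaf-first chains: one ending at a trusted root, one ending at a
   self-signed certificate the end user never chose to trust. */
static const cert_t GOOD_CHAIN[] = {
    { "www.example.test",   "Example Issuing CA", 1 },
    { "Example Issuing CA", "Example Root CA",    1 },
};
static const cert_t SPOOFED_CHAIN[] = {
    { "www.example.test",   "Unknown Issuing CA", 1 },
    { "Unknown Issuing CA", "Unknown Root CA",    1 },
    { "Unknown Root CA",    "Unknown Root CA",    1 },
};

static int is_trusted_root(const char *name) {
    for (size_t i = 0; i < sizeof TRUSTED_ROOTS / sizeof *TRUSTED_ROOTS; i++)
        if (strcmp(TRUSTED_ROOTS[i], name) == 0) return 1;
    return 0;
}

/* Flawed check: only the first link (leaf signed by its claimed issuer). */
int verify_first_link_only(const cert_t *chain, size_t n) {
    return n > 0 && chain[0].sig_ok;
}

/* Full walk: every link must verify and be issued by the next certificate,
   and the top of the chain must be issued by a root in the trust store. */
int verify_full_chain(const cert_t *chain, size_t n) {
    if (n == 0) return 0;
    for (size_t i = 0; i < n; i++) {
        if (!chain[i].sig_ok) return 0;
        if (i + 1 < n && strcmp(chain[i].issuer, chain[i + 1].subject) != 0)
            return 0;
    }
    return is_trusted_root(chain[n - 1].issuer);
}

int main(void) {
    printf("good:    first-link=%d full=%d\n",
           verify_first_link_only(GOOD_CHAIN, 2), verify_full_chain(GOOD_CHAIN, 2));
    printf("spoofed: first-link=%d full=%d\n",
           verify_first_link_only(SPOOFED_CHAIN, 3), verify_full_chain(SPOOFED_CHAIN, 3));
    return 0;
}
```

Both chains pass the first-link check, but only the chain that terminates at a root in the trust store passes the full walk.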


Related Attacks


Related Vulnerabilities


Related Controls

  • Design: Ensure that proper certificate checking is included in the system design.
  • Implementation: Understand and properly implement all checks necessary to ensure the integrity of certificate trust.


Related Technical Impacts


References

TBD