Attackers can exploit the vulnerability in StartSSL for issuing SSL certificates

Security experts recently found a serious hole in StartSSL's domain verification. The vulnerability allows anyone to obtain SSL certificates for any domain without confirming ownership.

StartSSL is a web-based service that allows webmasters and site owners to receive valid SSL certificates for their domains, recognized by all the major browsers. The service belongs to the Israeli company StartCom.

To prevent abuse, the service requires each user to go through a domain ownership verification process, so that attackers cannot obtain certificates for sites they do not control.

Verification is carried out in different ways; the most common practice is to place a particular file in the root of the domain's server.

The vulnerability was found in StartSSL's verification by email. In this process, the user receives an email with a validation code at one of the specific addresses associated with the domain: postmaster@domain.com, hostmaster@domain.com and webmaster@domain.com.

In the form that lets the user choose the address to which the validation code is sent, the attacker can intercept the HTTP request going to the server and change its parameters.

The email address, which is one of the parameters, can easily be changed to any other address. This means that anyone can get an SSL certificate for any site, with the validation code arriving in their own mailbox.

This loophole could be exploited repeatedly to issue SSL certificates for banks and use them in phishing campaigns.

StartSSL fixed the hole on the same day it was discovered, and a serious problem was quickly averted. However, many services could contain similar holes. Phishing never sleeps.
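The flaw described above comes down to trusting a recipient address supplied in the request. The following is an added example, not StartSSL's code: the function names and form layout are hypothetical, and it assumes the domain being validated comes from server-side order state rather than from the request. It shows the flawed pattern next to a server-side allow-list check built from the three addresses named in the article.

```python
# Added example; function names and the form layout are hypothetical.
APPROVED_LOCAL_PARTS = ("postmaster", "hostmaster", "webmaster")


def approved_addresses(domain: str) -> list[str]:
    """Build the only mailboxes a validation code may be sent to."""
    domain = domain.strip().lower().rstrip(".")
    if not domain or "@" in domain or any(c.isspace() for c in domain):
        raise ValueError("malformed domain")
    return [f"{lp}@{domain}" for lp in APPROVED_LOCAL_PARTS]


def recipient_vulnerable(domain: str, form: dict) -> str:
    # Flawed pattern: the address echoed back by the browser is trusted,
    # so whatever the request carries becomes the recipient.
    return form["email"]


def recipient_hardened(domain: str, form: dict) -> str:
    # The server rebuilds the approved list from the domain under validation
    # and accepts the submitted value only on an exact match.
    candidates = approved_addresses(domain)
    submitted = str(form.get("email", "")).strip().lower()
    if submitted not in candidates:
        raise PermissionError(f"address not approved for {domain}")
    return submitted


if __name__ == "__main__":
    domain = "bank.example"  # constructed sample values
    tampered = {"email": "someone@mail.example"}
    print("vulnerable ->", recipient_vulnerable(domain, tampered))
    for form in (tampered, {"email": "Webmaster@Bank.Example"}):
        try:
            print("hardened   ->", recipient_hardened(domain, form))
        except PermissionError as exc:
            print("hardened   -> rejected:", exc)
```

Rejections raised by the hardened check are worth logging, since a legitimate browser form never submits an address outside the approved list.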

Posted in Vulnerabilities
4 comments on “Attackers can exploit the vulnerability in StartSSL for issuing SSL certificates”
  1. Graciela Steidel says:

    Hi, Neat post. There’s a problem with your web site in internet explorer, would check this... IE still is the market leader and a good portion of people will miss your fantastic writing due to this problem.

  2. hopper stock says:

    I will right away grasp your rss feed as I can’t find your email subscription link or e-newsletter service. Do you have any? Please allow me recognize so that I may just subscribe. Thanks.

All about SSL

This site is dedicated to SSL certificates. You will learn what an SSL certificate is and how to issue and reissue one. The SSL FAQ will be useful for both novices and pros. The SSL Knowledgebase contains sections on validation, trust logos, vulnerabilities, differences between SSL certificate types (Wildcard, EV, DV, etc.), and many other topics.