[RndTbl] MitM on IMAPS?

Sean Cody sean at tinfoilhat.ca
Sat Jan 18 20:12:38 CST 2014 

Friends don't let friends use wildcard certs.  There in the past have been rather annoying bugs relative to wildcard processing.

There is an x509 extension called Subject Alternate Name (aka SaN), this a means of adding alternate names to a certificate (specifically setup to avoid the issues of wildcards yet allowing for http vhost utility).

The common name in the certificate is just one of the basic constraints, sig needs to match as does the signer needs to validate etc.  The common name field is just the field you typically see.  In point to point SSL uses you can expand the constraints to validate more of the fields which makes it harder to forge a good signature.

The 'bad guy' just needs to make a certificate VERY close to the one you are looking at or one that satisfies a bug in the wildcard expression parser.  For instance *\0.whateveryouwant.net the \0 is 'null' which would match _any_ URI.  There are most definitely good uses of wildcard certificates (like proxy farms, load balancing) but for a single host with a single IP, it is irrelevant.

Your 'bad guy' just needs to forge a CA you already trust or convinces you to trust then you are completely hooped.
They could also (if they were bad ass enough) take the contents of the intended server certificate and subtly change things enough to convince your client it is the same certificate.  This is an example of why MD5 collisions are well... a non-trivial issues.  Recommendations for that is to use a certificate with SHA-? signatures instead of MD5 but you can't control what your CA signs... hell most CAs these days don't respect your CSR and just pull the CN and key and create their own CSR to sign.

-- 
Sean

On Jan 18, 2014, at 5:07 PM, Trevor Cordes <trevor at tecnopolis.ca> wrote:

> On 2014-01-18 Sean Walberg wrote:
>> 
>> Wildcard wise, wildcards only work for one level of subdomain and not
>> on EV certs.
> 
> Thanks for all the help guys, I'll slog through implementing the ideas
> tonight.  As I thought, it's not as simple as it looks to be.  I'm sure
> I'll have more questions.
> 
> Just a quick Q on wildcards/certs: so if I'm understanding right, a
> wildcard doesn't help a hacker, as they can't buy a * they must buy a
> *.something.com, right?
> 
> Yes, there would be the issue of a rogue CA selling a malicious wifi
> hotspot guy *.mydomain.com but there's no way they could do that on the
> fly quickly while I sit down at their wifi for only 15 mins and never
> return.  Right?  I guess my question was more whether they could
> instantly generate MitM certs for everyone who connects and intercept
> everything easily.  (I thought that is what some hotspots do for HTTPS?)
> 
> In all cases, I am assuming I have sole, complete physical control and
> access to my phone, and that the OS hasn't been compromised.  After
> all, you have to start somewhere and assume some level of security.
> And if they rootkitted my phone, them getting my IMAP credentials would
> be the least of my worries.
> 
> Thanks!
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable
>

More information about the Roundtable mailing list