Experts On Research: One In Every 172 Active RSA Certificates Is Vulnerable To Attack

A vulnerability has been discovered in RSA certificates that could compromise one in every 172 certificates currently in active use.

On Saturday at the First IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in Los Angeles, California, a team of researchers from Keyfactor presented their findings on the security posture of digital certificates, ZDNet reported.

Michael Barragry, Operations Lead and Security Consultant
InfoSec Expert
December 17, 2019 3:19 pm

As is generally the case with cryptographic flaws, this issue is due to a fault in the implementation rather than any weakness with the underlying mathematics.

Public key certificates are one of the key pieces of infrastructure that enable various devices and servers to securely identify and trust each other. If a malicious actor can successfully spoof a certificate for a particular device, they can essentially masquerade as that device. Depending on the trust chain that it lies within, multiple further attacks may be possible.

Vendors need to be conscious of the potential upstream impact of all design decisions, as in this case it seems like an innocuous shortcut around random number generation has given rise to a much more serious flaw.

End-users should ensure that all devices in their infrastructure are kept patched and updated with the latest firmware. Devices of higher criticality should use multi-factor authentication for an additional layer of security.
