Experts On Research: One In Every 172 Active RSA Certificates Are Vulnerable To Attack

By   ISBuzz Team
Writer , Information Security Buzz | Dec 17, 2019 07:12 am PST

A vulnerability has been discovered in RSA certificates that could compromise one in every 172 certificates currently in active use.

On Saturday at the First IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in Los Angeles, Calfornia, a team of researchers from Keyfactor presented their findings into the security posture of digital certificates, ZDNet reported.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Michael Barragry
Michael Barragry , Operations Lead and Security Consultant
InfoSec Expert
December 17, 2019 3:19 pm

As is generally the case with cryptographic flaws, this issue is due to a fault in the implementation rather than any weakness with the underlying mathematics.

Public key certificates are one of the key pieces of infrastructure that enable various devices and servers to securely identify and trust each other. If a malicious actor can successfully spoof a certificate for a particular device, they can essentially masquerade as that device. Depending on the trust chain that it lies within, multiple further attacks may be possible.

Vendors need to be conscious of the potential upstream impact of all design decisions, as in this case it seems like an innocuous shortcut around random number generation has given rise to a much more serious flaw.

End-users should ensure that all devices in their infrastructure are kept patched and updated with the latest firmware. Devices of higher criticality should use multi-factor authentication for an additional layer of security.

Last edited 3 years ago by Michael Barragry

Recent Posts

Would love your thoughts, please comment.x