NSA Warns Of Wildcard TLS Certificate Dangers, Expert Reacted

By   ISBuzz Team
Writer , Information Security Buzz | Oct 18, 2021 03:15 am PST

BACKGROUND:

The¬†NSA is warning¬†organizations to avoid using wildcard digital encryption certificates in order to minimize the risk from a new form of TLS traffic decryption attacks, dubbed “ALPACA.”
This attack, discovered in June, allows threat actors to confuse machine identities that run multiple protocols and trick servers to respond to encrypted HTTPS requests through unencrypted protocols. These unencrypted responses offer a means for cybercriminals to steal cookies and private user data.