Fraudulent DigiNotar certificates

Back to all Security AdvisoriesSubscribe
Security Advisories ID: 
SA59
Published Date: 
September 1, 2011
Advisory Status: 
Final
Advisory Severity: 
Low

Digital certificate issuer DigiNotar reported an incident August 30, 2011 in which an attacker was able to issue fraudulent SSL and EVSSL certificates for several domains. Upon discovering the breach, DigiNotar has revoked the certificates. Software such as browsers and proxies that are not configured to check the revocation status of server certificates are vulnerable to man-in-the-middle and spoofing attacks.

Affected Products: 

By default, all versions of SGOS trust the DigiNotar CA. Any ProxySG that is not configured to check the revocation status of a certificate presented during an HTTPS session is vulnerable.

Advisory Details: 

DigiNotar has identified "several dozen" fraudulent certificates. The domains they were issued for include mozilla.com, yahoo.com, torproject.org, and google.com.  DigiNotar has not made a complete list available.  In ProxySG, the DigiNotar CA is named Diginotar_root_ca.  DigiNotar has revoked the known fraudulent certificates.

ProxySG only validates server certificates if the SSL proxy has been enabled. Revocation checking must be enabled separately. Blue Coat encourages customers using SSL proxy to enable revocation checking for all HTTPS connections. If revocation checking has not been enabled and configured for HTTPS connections, ProxySG will accept any one of the fraudulent certificates as valid until the certificates expire.

ProxySG supports two mechanisms for revocation checking: Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP). ProxySG 5.3, 5.4, 5.5, and 6.x support both mechanisms. ProxySG 4.3 supports only CRLs.

Both mechanisms require administrative configuration in order to be active. CRLs must be manually imported by the administrator for each CA. OCSP must be configured to use a specific OCSP responder or to use the OCSP responder specified in the certificate. For more information on configuring CRLs and OCSP, see the "Managing X.509 Certificates" in the ProxySG Administrator's Guide. Links to the documentation can be found in the References section below.

Blue Coat recommends that customers perform the following actions:

  • Enable server certificate validation.
  • Enable CRLs and/or OCSP for revocation checking.
  • If using CRLs, install the latest DigiNotar CRL and ensure all other CRLs are current.  Contact DigiNotar to determine the location for this CRL.
  • If using OCSP, examine the ignore settings for the OCSP responder. Ignoring failures, especially failures to connect with the OCSP responder, allows an attacker to circumvent revocation checking.
Workarounds: 

ProxySG will only check the revocation status of server certificates if the SSL proxy has been enabled. Customers who have not enabled the SSL proxy should ensure browsers have been upgraded with the latest security patches and have revocation checking enabled.

Customers who have enabled the SSL proxy but are unable to implement revocation checking can remove the DigiNotar CA from the list of trusted CAs used by the SSL Client. The name of the CA in ProxySG is Diginotar_root_ca. The CA certificate can be added back into the list of trusted CAs at a later time if desired.

Any CA certificate that is no longer trusted can be removed from the list of available CAs on ProxySG. After a CA certificate has been removed, it can no longer be in or added to a list of trusted CAs unless it is imported again.

Patches: 

Firefox, Internet Explorer, and other products have released patches that automatically reject the known fraudulent certificates and/or have removed DigiNotar as a trusted CA. SGOS will not be modified.

References: 

DigiNotar press release:  www.vasco.com/company/press_room/news_archive/2011/news_diginotar_report....
Microsoft Security Advisory 2607712: www.microsoft.com/technet/security/advisory/2607712.mspx.
Mozilla Firefox blog post: blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/.
For more information on CRLs and OCSP, see the "Managing X.509 Certificates" section of the SGOS documentation: 5.3, 5.4, 5.5, 6.1, 6.2. In SGOS 4.3, see the "Using Certificate Revocation Lists" section.
 

Advisory History: 

2011-09-01 Initial public release.