
A significant flaw has been identified in SSL.com’s Domain Control Validation (DCV) process, which poses a risk of issuing unauthorized SSL/TLS certificates. This vulnerability could expose trusted domains to impersonation, man-in-the-middle (MITM) attacks, and the interception of encrypted traffic. We recommend reviewing the details in this Cybersecurity Threat Advisory to enhance the security of your environment.
What is the threat?
This critical vulnerability was discovered in SSL.com’s infrastructure and relates to misconfigured or improperly validated certificate profiles. The flaw enables attackers to obtain SSL/TLS certificates with unverified Subject Alternative Names (SANs), that is, certificates for domains they do not own or control. It effectively bypasses domain control validation, one of the core safeguards of the certificate issuance process.
Why is it noteworthy?
SSL.com is a trusted Certificate Authority (CA) recognized by all major browsers and operating systems. Any compromise in its certificate validation process poses a direct threat to the integrity of the global HTTPS trust model.
This incident is especially alarming because it enables the creation of valid-looking certificates for unauthorized domains. Malicious actors can exploit these certificates to execute man-in-the-middle (MITM) attacks, impersonate legitimate sites, or launch phishing schemes. Additionally, Certificate Transparency (CT) logs publicly recorded the flawed certificates, yet monitoring systems failed to detect them, highlighting weaknesses in current oversight mechanisms.
What is the exposure or risk?
The vulnerability creates significant real-world risks for organizations and end users. Users may have unknowingly interacted with fraudulent websites that presented legitimate-looking but unauthorized SSL certificates. Organizations could suffer reputational and data losses through credential theft or unauthorized access. The incident may also erode confidence in the broader public key infrastructure (PKI), since it shows that even a highly trusted CA like SSL.com can issue such certificates.
What are the recommendations?
Barracuda recommends the following actions to secure your environment:
- Keep DNSSEC and HSTS configured: these add security layers that help prevent downgrade and redirection attacks even when a rogue certificate exists.
- Implement TLS monitoring and inspection.
- Review Certificate Transparency (CT) logs for any unauthorized certificates issued for your domains.
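The CT log review above can be automated. The following is an added example, not code from the advisory or from SSL.com: it scans records modelled on the JSON that crt.sh-style CT search tools return (field names are an assumption), with constructed sample data embedded inline, and flags any certificate that covers a monitored domain but whose issuer is not on the organization's allow-list or whose serial is not in its own issuance inventory.

```python
import json

# Constructed crt.sh-style CT records for the demo (not real issuance data).
SAMPLE_CT_RECORDS = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Example CA, CN=Example CA R1",
     "name_value": "example.com\nwww.example.com", "serial_number": "0a1b2c"},
    {"id": 2, "issuer_name": "C=US, O=Other CA, CN=Other CA DV",
     "name_value": "login.example.com\nunrelated.test", "serial_number": "ff00ff"},
    {"id": 3, "issuer_name": "C=US, O=Other CA, CN=Other CA DV",
     "name_value": "nothing-to-do-with-us.test", "serial_number": "123456"},
])


def matches_monitored(name, monitored):
    """True if a SAN names a monitored domain or one of its subdomains."""
    host = name.lower().lstrip("*.")          # treat *.example.com as example.com
    return any(host == d or host.endswith("." + d) for d in monitored)


def find_unexpected_certs(records_json, monitored, allowed_issuers, known_serials):
    """Return CT records that cover a monitored domain but were not expected.

    A record is unexpected when its issuer is not on the allow-list or its
    serial is missing from our own issuance inventory. Checking both catches
    a certificate mis-issued by a CA that is otherwise publicly trusted.
    """
    findings = []
    for rec in json.loads(records_json):
        sans = [s.strip() for s in rec["name_value"].split("\n") if s.strip()]
        hits = [s for s in sans if matches_monitored(s, monitored)]
        if not hits:                           # not our domain, ignore
            continue
        reasons = []
        if rec["issuer_name"] not in allowed_issuers:
            reasons.append("issuer not in allow-list")
        if rec["serial_number"].lower() not in known_serials:
            reasons.append("serial not in issuance inventory")
        if reasons:
            findings.append({"id": rec["id"], "sans": hits,
                             "issuer": rec["issuer_name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_unexpected_certs(SAMPLE_CT_RECORDS, {"example.com"},
                                   {"C=US, O=Example CA, CN=Example CA R1"},
                                   {"0a1b2c"}):
        print(f"ALERT: CT id {f['id']} covers {f['sans']}: {', '.join(f['reasons'])}")
```

Run it against a real CT export on a schedule and route any finding to the team that owns certificate issuance, since an unknown serial for your own domain is the signal the monitoring described in this advisory missed.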
References
For more in-depth information about the recommendations, please visit the following links:
- https://cyberpress.org/hacker-exploits-ssl-com-domain-validation/
- https://trackssl.com/critical-ssl-com-vulnerability-allowed-unauthorized-certificates/
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.