Security Advisories

March 24, 2011 - Fraudulent Comodo SSL certificates

Security Advisories ID:    SA54
Version:    9.0
Status:    Published
Published date:    03/24/2011
Updated:    09/06/2011
 

Advisory Status

Final

Advisory Severity

Informational

Summary

Digital certificate issuer Comodo reported an incident March 15, 2011 in which an attacker was able to issue nine fraudulent SSL certificates for seven different domains using the InstantSSL Certificate Authority (CA).  Upon discovering the breach, Comodo immediately revoked the certificates.  Software such as browsers and proxies that are not configured to check the revocation status of server certificates are vulnerable to man-in-the-middle and spoofing attacks.

Affected Products

By default, all versions of SGOS trust the Comodo InstantSSL CA.  Any ProxySG that is not configured to check the revocation status of a certificate presented during an HTTPS session is vulnerable.

Details

The nine fraudulent certificates were issued by the Comodo InstantSSL Certificate Authority (CA) to seven different domains:  mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, login.live.com, and "Global Trustee".  In ProxySG, the Comodo InstantSSL CA is named UTN_USERFirst_HW.

ProxySG only validates server certificates if the SSL proxy has been enabled.  Revocation checking must be enabled separately.  Blue Coat encourages customers using SSL proxy to enable revocation checking for all HTTPS connections. If revocation checking has not been enabled and configured for HTTPS connections, ProxySG will accept any one of the nine fraudulent certificates as valid until the certificates expire.

ProxySG supports two mechanisms for revocation checking:  Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP).  ProxySG 5.3, 5.4, 5.5, and 6.x support both mechanisms.  ProxySG 4.3 supports only CRLs.

Both mechanisms require administrative configuration in order to be active.  CRLs must be manually imported by the administrator for each CA.  OCSP must be configured to use a specific OCSP responder or to use the OCSP responder specified in the certificate.  For more information on configuring CRLs and OCSP, see the "Managing X.509 Certificates" section in the ProxySG Administrator's Guide.  Links to the documentation can be found in the References section below.

Blue Coat recommends that customers perform the following actions:

  • Enable server certificate validation at least for the seven domains in the fraudulent certificates.
  • Enable CRLs and/or OCSP for revocation checking.
  • If using CRLs, install the latest Comodo InstantSSL CRL and ensure all other CRLs are current.  The latest Comodo InstantSSL CRL can be downloaded here:  crl.comodo.net/UTN-USERFirst-Hardware.crl.
  • If using OCSP, examine the ignore settings for the OCSP responder.  Ignoring failures, especially failures to connect with the OCSP responder, allows an attacker to circumvent revocation checking.

Workarounds

ProxySG will only check the revocation status of server certificates if the SSL proxy has been enabled.  Customers who have not enabled the SSL proxy should ensure browsers have been upgraded with the latest security patches and have revocation checking enabled.

Customers who have enabled the SSL proxy but are unable to implement revocation checking can remove the Comodo InstantSSL CA from the list of trusted CAs used by the SSL Client.  The name of the CA in ProxySG is UTN_USERFirst_HW.  The CA certificate can be added back into the list of trusted CAs at a later time if desired.

Any CA certificate that is no longer trusted can be removed from the list of available CAs on ProxySG.  After a CA certificate has been removed, it no longer appears in any list of trusted CAs and cannot be added to one unless it is imported again.

Patches

Firefox, Internet Explorer, and other products have released patches that automatically reject the nine fraudulent certificates.  SGOS will not be modified.

References

Comodo incident report:  www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Comodo blog post:  blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/

Comodo InstantSSL CRL:  crl.comodo.net/UTN-USERFirst-Hardware.crl

Microsoft Security Advisory 2524375:  www.microsoft.com/technet/security/advisory/2524375.mspx

Mozilla Firefox blog post:  blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/

For more information on CRLs and OCSP, see the "Managing X.509 Certificates" section of the SGOS documentation: 4.3, 5.3, 5.4, 5.5, 6.1, 6.2

Advisory History

2011-09-06 Marked status as final

2011-05-23 Added links to SGOS documentation.

2011-03-30 General clarifications on SSL proxy and added name of InstantSSL certificate in ProxySG, domains of fraudulent certificates, and where to find the CRL for the InstantSSL CA.

2011-03-24 Initial public release.
