joepie91
/
ca-incidents
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
An overview of past incidents that various Certificate Authorities have been involved in.
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
10 MiB
Text 100%
 
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bf94ea6055'
${ noResults }
Go to file
Sven Slootweg bf94ea6055 Initial commit 8 years ago
sources Initial commit 8 years ago
README.md Initial commit 8 years ago

README.md

Certificate Authority incidents

This repository aims to provide a comprehensive overview of past incidents that (SSL/TLS) Certificate Authorities have been involved in. These may be security issues, privacy issues, or basically any other kind of incident that might cause one to distrust a Certificate Authority.

This includes incidents that are not directly related to a company's SSL/TLS certificate issuance, but that occurred within the same organization. The reason for this is that these kind of incidents often result from poor internal policies regarding security, and it is very likely that such policies also affect the part of the organization that handles certificate issuance.

Why?

Because there should be full transparency about these kind of issues - to everybody, not just browser vendors - and CAs often do not appear willing to provide this kind of transparency, sometimes going so far as to threaten with lawsuits (like WoSign did recently).

Regarding issuance to malware sites

With some regularity, Certificate Authorities issue domain-validated certificates to websites that distribute malware, attempt to phish users, or otherwise behave maliciously. These incidents are not listed here, because issuing a DV certificate to a malware site is a completely valid thing to do. A DV certificate only certifies that the client is talking to the real server for a domain, and that there are no parties inbetween that can meddle with the connection - it explicitly does not certify that the domain in question is trustworthy.

Of course, cases where eg. an Extended Validation certificate is incorrectly issued will still be listed, as these constitute a failure of the Certificate Authority to appropriately verify the identity of the applicant.

Contributing

If you're aware of an incident that is not listed here, feel free to open a pull request. Please make sure to include a clear source describing the incident, preferably in English.

The incidents

This list is sorted alphabetically by the names of the Certificate Authorities. If the CA is part of a larger organization with a different name, the CA name is what will be used for sorting purposes, but the name of the overarching organization will be listed behind it.

ANSSI

  • December 3, 2013: Google finds fraudulent certificates for Google domains, signed by ANSII. The certificates are used for MITM attacks. (source)

CNNIC

  • March 3, 2015: An intermediate CA operating under CNNIC (named MCS Holdings) is found issuing fraudulent certificates for various Google domains, for the purpose of MITM attacks. This delegation should have never occurred, as MCS Holdings was not fit to hold this kind of authority. (source)

Comodo

  • May 16, 2009: Comodo is found issuing issuing certificates to malware sites. While this in and of itself is not a problem (see the explanation at the top of this page), Comodo allegedly asked the reporter to "keep quiet" about these issuances. (source)
  • March 23, 2011: Comodo is found issuing 9 fraudulent certificates for high-profile properties including Google and Skype. (source, source)
  • February 2015: Comodo is found to be involved in PrivDog, an advertisement blocking application. PrivDog used an MITM approach to scan and modify traffic, but turned out to essentially break certificate validation entirely, in a way that is reminiscent of the Lenovo/Superfish incident. (source)
  • January 22, 2016: Chromodo, Comodo's customized Chromium browser, is found to disable the same origin policy, creating a critical security issue. The installation and workings of the browser also resemble common malware practices. (source)
  • June 23, 2016: Comodo attempts to file three different trademarks relating to the term "Let's Encrypt" (which is the name of a competing, non-profit, free certificate provider). Its CEO then tried to argue that Let's Encrypt "copied" Comodo's "90 days free" business model - despite Comodo's "free" certificates being non-renewable trial certificates, whereas Let's Encrypt certificates are truly free and renewable. (source, source)
  • July 25, 2016: Comodo is found to allow UI redressing attacks in their domain validation e-mails, allowing an attacker to obtain a fraudulent certificate for a target of choice. (source)
  • August 3, 2016: A Comodo employee edits the "Comodo Group" Wikipedia article to include a poorly written advertisement. (source, source)

Digicert Malaysia

  • November 2011: Digicert Malaysia is blacklisted by Microsoft, Google and Mozilla after issuing 22 certificates with serious security deficiencies. Their intermediate CA certificate is also revoked by Entrust. (source)

DigiNotar (now defunct)

  • July 10, 2011: DigiNotar issues fraudulent wildcard certificate for Google that is later used in an MITM attack. (source)
  • August 2011: It becomes clear that hundreds of fraudulent certificates were created. The total count of fraudulent certificates is at least 531. (source)
  • September 3, 2011: The Dutch government withdraws their earlier statement that the intermediate CA for Dutch government services was not affected, after an investigation by Fox-IT. (source)

Entrust

  • November 2011: Entrust is involved in the Digicert Malaysia incident (see above), and has apparently failed to audit the intermediary CA. They revoke Digicert Malaysia's intermediate certificate after the incident becomes public. (source)

Gemnet (owned by KPN)

  • December 2011: Gemnet is compromised through an unsecured and passwordless public instance of PHPMyAdmin. It is unclear whether fraudulent certificates were issued, or whether confidential information was leaked. (source)

Getronics / KPN Corporate Market (owned by KPN)

  • November 2011: Evidence surfaces that Getronics was compromised 4 years earlier, but Getronics claims that no production servers were affected. (source, source)

GlobalSign

  • September 2011: A webserver at GlobalSign is compromised. GlobalSign notes that there was no evidence of fraudulent certificate issuance, and that the issuance systems were airgapped and thus not affected. (source)

Kazakh Government

  • December 2015: The Kazakh government announces that it will require each citizen to install a custom Certificate Authority root, that will allow MITM attacks by the government. It's unclear what organization is tasked with maintaining the CA. (source, source)

National Informatics Centre (India)

  • July 8, 2014: Google announces that it has detected fraudulently certificates for various Google domains, issued by the National Informatics Centre of India. The certificates were likely used for an MITM attack. (source)

StartCom (now likely owned by WoSign)

  • April 2014: StartCom refuses to revoke certificates that were (potentially) compromised through HeartBleed. (source)
  • June 18, 2016: StartCom launches a service named "StartEncrypt", which is essentially a clone of Let's Encrypt - however, it requires the installation of a binary, with no ability to inspect the source code. (source: see sources/startencrypt.txt)
  • June 30, 2016: StartEncrypt is found to have numerous vulnerabilities, including multiple critical vulnerabilities that resulted in the possibility of misissuance for high-profile domains such as google.com, facebook.com, live.com, paypal.com, and dropbox.com. (source)
  • July 2016: StartCom, in its StartEncrypt API, allows issuance of SHA1 certificates, in violation of CA requirements. The certificates are also backdated to December 20, 2015, and signed by WoSign rather than StartCom. The incident was not reported to Mozilla as it should have been. (source)
  • July 2016: It is reported that WoSign has quietly acquired StartCom, but is trying to keep this under wraps (see the WoSign section for details).

Symantec

  • December 2015: Symantec announces the discontinuation of one of their root certificates, that was obtained in the VeriSign acquisition. However, the root certificate will not actually be discontinued, it will just no longer be used for publicly issued certificates - and Symantec intends to use it for "unspecified purposes". Consequently, the root certificate is blacklisted in all Google products. (source, source)
  • May 26, 2016: Symantec is found to have provided an intermediate CA to Blue Coat, a company that develops MITM solutions and devices that are used by governments to violate human rights. (source)
  • June 13, 2016: Symantec announces a deal to purchase Blue Coat. Given that the purpose of TLS is to prevent MITM attacks, this makes their position as a CA extremely dubious. (source)

Trustwave

  • February 2012: Trustwave is found to have issued subordinate certificates to customers for the purpose of executing MITM attacks. (source)

TÜRKTRUST

  • Late 2011: TÜRKTRUST hands out subordinate certificates to the Turkish government and a Turkish bank and fails to disclose the existence of these certificates, allowing these organizations to issue their own (CA-validated) certificates. One of these certificates was used to issue a certificate for gmail.com. (source)

Verisign (CA is now owned by Symantec)

  • 2010: Verisign is compromised, and undisclosed information is obtained by the attackers. (source)

WoSign

  • April 23, 2015: WoSign incorrectly issues a certificate for a university system by allowing the applicant to verify their ownership on a high port - while not in violation of CA requirements at the time, this is widely understood to be a bad idea. The incident was not reported to Mozilla as it should have been. (source)
  • June 2015: WoSign incorrectly issues certificates for the base domains www.ucf.edu, github.com, github.io, and www.github.io, after an applicant verified their control of a subdomain. All of these certificates appear to have not been revoked at the time of writing (September 2016). The incident was, again, not reported to Mozilla as it should have been. (source, source, source)
  • July 2016: WoSign is reported to have acquired StartCom, the evidence of which is published at letsphish.org. (source, full WARC archive in sources/wosign-acquisition)
  • September 2016: WoSign threatens the author of letsphish.org with legal action, despite his publication being based on public information. They also attempt to prevent the information from spreading further by claiming that any third-party distribution will result in more penalties for the original author. (source, source)