Unrevoked/unexpired certificate with Debian Weak Key

Hi,

Yesterday was the 10y anniversary of the Debian OpenSSL random number
generator bug.

A few days ago I did a re-check of the CT logs for vulnerable keys.

I found one unexpired, unrevoked certificate issued by a CA called
"QuoVadis". I reported it and it's been revoked, they told me they'll
check their systems why this certificate issuance wasn't blocked.

https://crt.sh/?id=3D308235142

I also found an unrevoked Wosign cert that I had already reported last
year. The abuse contact of wosign bounces mails.

(My check was semi-thorough, I didn't have access to all the possible
key combinations that could be generated with the Debian bug. There may
be more certs in the logs.)

--=20
Hanno B=C3=B6ck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
0
Hanno
5/14/2018 8:42:45 AM
mozilla.dev.security.policy 1331 articles. 2 followers. Post Follow

6 Replies
34 Views

Similar Articles

[PageSpeed] 25

On 14/05/2018 10:42, Hanno Böck wrote:
> Hi,
> 
> Yesterday was the 10y anniversary of the Debian OpenSSL random number
> generator bug.
> 
> A few days ago I did a re-check of the CT logs for vulnerable keys.
> 
> I found one unexpired, unrevoked certificate issued by a CA called
> "QuoVadis". I reported it and it's been revoked, they told me they'll
> check their systems why this certificate issuance wasn't blocked.
> 
> https://crt.sh/?id=308235142
> 
> I also found an unrevoked Wosign cert that I had already reported last
> year. The abuse contact of wosign bounces mails.
> 
> (My check was semi-thorough, I didn't have access to all the possible
> key combinations that could be generated with the Debian bug. There may
> be more certs in the logs.)
> 

You could try the openssl-blacklist package distributed by Debian in
both source and prepackaged form.  If you use the packaged form, be sure
to include the openssl-blacklist-extra package which contains the lists
of RSA-4096 and RSA-512 keys.

Their included checking program (in the .diff file) is in Python.

URL: http://ftp.de.debian.org/debian/pool/main/o/openssl-blacklist/


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
0
Jakob
5/14/2018 10:39:27 AM
On 14/05/18 11:39, Jakob Bohm via dev-security-policy wrote:
> On 14/05/2018 10:42, Hanno Böck wrote:
>> Hi,
>>
>> Yesterday was the 10y anniversary of the Debian OpenSSL random number
>> generator bug.
>>
>> A few days ago I did a re-check of the CT logs for vulnerable keys.
>>
>> I found one unexpired, unrevoked certificate issued by a CA called
>> "QuoVadis". I reported it and it's been revoked, they told me they'll
>> check their systems why this certificate issuance wasn't blocked.
>>
>> https://crt.sh/?id=308235142
>>
>> I also found an unrevoked Wosign cert that I had already reported last
>> year. The abuse contact of wosign bounces mails.
>>
>> (My check was semi-thorough, I didn't have access to all the possible
>> key combinations that could be generated with the Debian bug. There may
>> be more certs in the logs.)
>>
> 
> You could try the openssl-blacklist package distributed by Debian in
> both source and prepackaged form.  If you use the packaged form, be sure
> to include the openssl-blacklist-extra package which contains the lists
> of RSA-4096 and RSA-512 keys.
> 
> Their included checking program (in the .diff file) is in Python.
> 
> URL: http://ftp.de.debian.org/debian/pool/main/o/openssl-blacklist/

Today I've added a Debian weak key check feature to crt.sh.  I augmented 
Debian's original blacklists with some other blacklists I generated 
~10yrs ago for a few less common key sizes [1].

I'm currently running the check against all of the certs on the crt.sh 
DB.  I'll report back once this has completed.


[1] https://secure.comodo.com/debian_weak_keys/


-- 
Rob Stradling
Senior Research & Development Scientist
ComodoCA.com

0
Rob
5/14/2018 2:24:50 PM
On Monday, 14 May 2018 15:25:43 UTC+1, Rob Stradling   
> I'm currently running the check against all of the certs on the crt.sh 
> DB.  I'll report back once this has completed.

Hi Rob,

Did your checks find anything else in the end?
0
Daniel
6/17/2018 8:09:46 PM
On 17/06/18 21:09, Daniel Cater via dev-security-policy wrote:
> On Monday, 14 May 2018 15:25:43 UTC+1, Rob Stradling
>> I'm currently running the check against all of the certs on the crt.sh
>> DB.  I'll report back once this has completed.
> 
> Hi Rob,
> 
> Did your checks find anything else in the end?

Hi Daniel.  Thanks for the reminder.  :-)

I found a total of 1,589 certs on the crt.sh DB with Debian weak keys, 
and I did intend to publish a report.  I figured that creating a new 
batch on misissued.com would be the best way to present the data, but 
that gives me an HTTP 500 response whenever I try to submit the list of 
crt.sh IDs.

Until misissued.com lets me submit the list, you can find the list of 
affected certs in a table on the crt.sh DB called "has_debian_weak_key".

-- 
Rob Stradling
Senior Research & Development Scientist
Email: Rob@ComodoCA.com

0
Rob
6/18/2018 1:51:24 PM
Sorry -- digging into that 500 was on my plate, but there was a logging bug
on errors... and then some poor docs for the framework I'm using... and
before you know it, the yak stack was piled high. I'll cycle around to that
again this evening.

Alex

On Mon, Jun 18, 2018 at 9:53 AM Rob Stradling via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> On 17/06/18 21:09, Daniel Cater via dev-security-policy wrote:
> > On Monday, 14 May 2018 15:25:43 UTC+1, Rob Stradling
> >> I'm currently running the check against all of the certs on the crt.sh
> >> DB.  I'll report back once this has completed.
> >
> > Hi Rob,
> >
> > Did your checks find anything else in the end?
>
> Hi Daniel.  Thanks for the reminder.  :-)
>
> I found a total of 1,589 certs on the crt.sh DB with Debian weak keys,
> and I did intend to publish a report.  I figured that creating a new
> batch on misissued.com would be the best way to present the data, but
> that gives me an HTTP 500 response whenever I try to submit the list of
> crt.sh IDs.
>
> Until misissued.com lets me submit the list, you can find the list of
> affected certs in a table on the crt.sh DB called "has_debian_weak_key".
>
> --
> Rob Stradling
> Senior Research & Development Scientist
> Email: Rob@ComodoCA.com
>
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
0
Alex
6/18/2018 1:55:31 PM
I searched through the list of certificates that Rob provided and didn't
find any new issues (no valid certificates and none that had been issues
since Jan 1, 2017 and not previously disclosed.

I've requested an incident report from QuoVadis for the one new certificate
that Hanno identified via
https://bugzilla.mozilla.org/show_bug.cgi?id=1472052

- Wayne

On Mon, Jun 18, 2018 at 6:57 AM Alex Gaynor via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Sorry -- digging into that 500 was on my plate, but there was a logging bug
> on errors... and then some poor docs for the framework I'm using... and
> before you know it, the yak stack was piled high. I'll cycle around to that
> again this evening.
>
> Alex
>
> On Mon, Jun 18, 2018 at 9:53 AM Rob Stradling via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On 17/06/18 21:09, Daniel Cater via dev-security-policy wrote:
> > > On Monday, 14 May 2018 15:25:43 UTC+1, Rob Stradling
> > >> I'm currently running the check against all of the certs on the crt.sh
> > >> DB.  I'll report back once this has completed.
> > >
> > > Hi Rob,
> > >
> > > Did your checks find anything else in the end?
> >
> > Hi Daniel.  Thanks for the reminder.  :-)
> >
> > I found a total of 1,589 certs on the crt.sh DB with Debian weak keys,
> > and I did intend to publish a report.  I figured that creating a new
> > batch on misissued.com would be the best way to present the data, but
> > that gives me an HTTP 500 response whenever I try to submit the list of
> > crt.sh IDs.
> >
> > Until misissued.com lets me submit the list, you can find the list of
> > affected certs in a table on the crt.sh DB called "has_debian_weak_key".
> >
> > --
> > Rob Stradling
> > Senior Research & Development Scientist
> > Email: Rob@ComodoCA.com
>
0
Wayne
6/29/2018 1:18:55 AM
Reply: