Regarding the LiteSSL Certificate Issuance Authentication Vulnerability


Roger M Lambdin

3:59 AM (4 hours ago)
to dev-secur...@mozilla.org


I've noticed this CA has just been found to have a major vulnerability.

A security researcher discovered the following issues with LiteSSL's ACME server:

According to his post [1]:

1. Flawed ACME IP throttling policy causes frequent certificate issuance failures

2. DNS-01 challenge can be exploited to issue wildcard certificates for arbitrary domains.

The second issue is particularly severe. Reproduction steps:

1. Create a LiteSSL ACME account using your own domain and pass the DNS-01 challenge to request a wildcard certificate

2. View the list of wildcard certificates issued by this CA and select any one arbitrarily [2].

3. Using your own ACME account, construct an ACME request to apply for a wildcard certificate for the selected domain [3].

I recommend the following actions:

1. Based on this CA's certificate issuance list, we need to identify which wildcard certificates have been issued [2].

2. The CA must take action to fix the vulnerability in the ACME server.

3. The CA must submit an incident report. We need to know: When was the DNS-01 challenge implemented? How did the vulnerability occur? When was the earliest exploitation of this vulnerability? Which certificates were erroneously issued?

4. Revoke the erroneously issued wildcard certificates and immediately notify the owners of these domains.

5. Based on the certificate CA information, this company is a subordinate CA of TrustAsia. We need to know: Does LiteSSL share infrastructure with them?

6. This CA must conduct a thorough investigation of its security measures and provide a report.

[1] Original source: https://archive.ph/u6U2p

[2] Certificate list: https://crt.sh/?CN=%25&iCAID=438132

[3] Certificate issued by the researcher: https://crt.sh/?q=vaadd.com
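
As an added example (not code from this thread, from LiteSSL or from TrustAsia), here is how the scoping step in recommendation 1 can be done from the crt.sh query linked in [2]. It parses records in the JSON shape crt.sh returns when `output=json` is appended to that query and reports each distinct certificate carrying a wildcard name, optionally only those with a `not_before` after a given date (useful once the CA states when DNS-01 went live). The records embedded in the block are constructed for illustration and are not real LiteSSL certificates; the field names `id`, `serial_number`, `not_before` and `name_value` are crt.sh's own JSON fields.

```python
"""Scope a suspected mis-issuance from Certificate Transparency (crt.sh) data.

Added example; not code from the thread, LiteSSL or TrustAsia. It consumes the
JSON shape crt.sh returns for the thread's query [2] with output=json appended
and lists every distinct certificate that carries a wildcard name.
"""
import json
import urllib.request
from datetime import datetime

ISSUER_CA_ID = 438132  # crt.sh issuer id taken from the query URL in [2]


def crtsh_url(issuer_ca_id: int) -> str:
    """The thread's crt.sh query, asking for JSON instead of the HTML table."""
    return f"https://crt.sh/?CN=%25&iCAID={issuer_ca_id}&output=json"


def fetch_records(issuer_ca_id: int = ISSUER_CA_ID) -> list:
    """Live fetch (network); everything else in this block works on parsed records."""
    with urllib.request.urlopen(crtsh_url(issuer_ca_id), timeout=60) as resp:
        return json.load(resp)


def san_names(record: dict) -> list:
    """crt.sh packs every subject name into name_value, one per line."""
    return sorted({n.strip().lower() for n in record["name_value"].splitlines() if n.strip()})


def wildcard_certs(records, since_iso=None):
    """One entry per distinct serial number whose names include a wildcard.

    since_iso: optional ISO-8601 timestamp; certificates whose not_before is
    earlier are skipped. A precertificate and its leaf appear as two crt.sh
    entries sharing one serial, so the serial is the dedup key.
    """
    since = datetime.fromisoformat(since_iso) if since_iso else None
    seen, out = set(), []
    for rec in records:
        names = san_names(rec)
        wild = [n for n in names if n.startswith("*.")]
        if not wild:
            continue
        if since and datetime.fromisoformat(rec["not_before"]) < since:
            continue
        if rec["serial_number"] in seen:
            continue
        seen.add(rec["serial_number"])
        out.append({
            "crt_id": rec["id"],
            "serial": rec["serial_number"],
            "not_before": rec["not_before"],
            "wildcards": wild,
            "all_names": names,
        })
    return out


# Constructed sample records in crt.sh's JSON layout (not real LiteSSL data).
SAMPLE_RECORDS = [
    {"id": 1001, "serial_number": "01ab", "not_before": "2026-01-20T05:12:33",
     "common_name": "*.example.com", "name_value": "*.example.com\nexample.com"},
    {"id": 1002, "serial_number": "01ab", "not_before": "2026-01-20T05:12:33",  # leaf of the precert above
     "common_name": "*.example.com", "name_value": "*.example.com\nexample.com"},
    {"id": 1003, "serial_number": "02cd", "not_before": "2026-01-19T09:00:00",
     "common_name": "www.example.net", "name_value": "www.example.net"},
    {"id": 1004, "serial_number": "03ef", "not_before": "2025-12-01T00:00:00",
     "common_name": "*.example.org", "name_value": "*.example.org"},
]

if __name__ == "__main__":
    # Swap SAMPLE_RECORDS for fetch_records() to run against the live query.
    for entry in wildcard_certs(SAMPLE_RECORDS, since_iso="2026-01-01T00:00:00"):
        print(entry["crt_id"], entry["serial"], entry["not_before"], ", ".join(entry["wildcards"]))
```

The output of `wildcard_certs` is the candidate list to compare against the CA's own issuance records and against which domains were validated by the requesting account; a CT-based list is an upper bound on the misissued set, not proof that any single entry was misissued.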

Rollin Yu

4:42 AM (4 hours ago)
to dev-secur...@mozilla.org, Roger M Lambdin
Thank you for your feedback. We have acknowledged this issue and suspended the affected ACME certificate issuance service at 15:40 (UTC+8) on January 21, 2026.

We have identified the cause. The issue affects only the recently launched free ACME service (litessl.cn). We are currently identifying the impacted certificates and will complete the revocation within 24 hours.

We will publish an incident report as soon as possible and will keep you informed of any key developments.

Roger M Lambdin

6:37 AM (2 hours ago)
to dev-secur...@mozilla.org, Rollin Yu, Roger M Lambdin

Revised: I rewrote the email and corrected some errors.

Hello, thank you for your reply. I'm still investigating the LiteSSL issue and have uncovered some new aspects.

The blog page associated with LiteSSL's FreeSSL mentions this article:

“51ssl免费通配符证书申请流程” (“51ssl free wildcard certificate application process”) [1]

It mentions a website called 51ssl. I noticed that LiteSSL, FreeSSL, and 51ssl all carry the label “亚数信息科技(上海)有限公司”.

This article promotes how to apply for wildcard domain certificates using 51ssl.

It outlines three methods:

1. DNS (CNAME) verification

2. File verification (i.e., 3.2.2.4.18)

3. Email verification

I am more concerned with the second method. Wildcard domains cannot be verified using the file method.

This article was published on June 24, 2022.

However, the CA/B Baseline Requirements stated on December 1, 2021:

CAs MUST NOT use methods 3.2.2.4.6, 3.2.2.4.18, or 3.2.2.4.19 to issue wildcard certificates or with Authorization Domain Names other than the FQDN.

I have the following questions:

1. LiteSSL, FreeSSL, 51ssl, and TrustAsia. Do they use the same infrastructure?

2. Is 51ssl still using these methods to validate wildcard certificates? If not, when was this corrected? Was a report filed?

[1] https://web.archive.org/web/20250215190449/https://blog.freessl.cn/mian-fei-tong-pei-fu-zheng-shu-shen-qing-liu-cheng/
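
Added example, not LiteSSL's, TrustAsia's or 51ssl's code, and not a reconstruction of the flaw from the first message (the thread does not say which check the ACME server lacked). It shows the two things a conforming ACME server verifies for a DNS-01 challenge under RFC 8555: the TXT name is derived from the authorization's own identifier (with `*.` stripped for a wildcard), and the TXT value is bound to the requesting account's key through the RFC 7638 thumbprint. In front of that sits the Baseline Requirements rule quoted above, applied as a policy gate so that a file-based method (3.2.2.4.18) can never validate a wildcard name; ACME DNS-01 is mapped to BR method 3.2.2.4.7 (DNS Change). The account keys, token and DNS answers are constructed fixtures.

```python
"""What a conforming ACME server checks before honouring DNS-01 for a name.

Added example; not LiteSSL's, TrustAsia's or 51ssl's code and not a model of
the flaw in the thread. Keys, token and DNS answers are constructed.
"""
import base64
import hashlib
import json

# Methods the Baseline Requirements text quoted in the thread forbids for wildcards.
NO_WILDCARD_METHODS = {"3.2.2.4.6", "3.2.2.4.18", "3.2.2.4.19"}
DNS_CHANGE = "3.2.2.4.7"  # BR method that ACME DNS-01 satisfies


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: required members only, lexicographic order, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def expected_txt(token: str, account_jwk: dict) -> str:
    """RFC 8555 s8.4: TXT = base64url(SHA-256(token || "." || thumbprint(accountKey)))."""
    key_authz = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authz.encode("ascii")).digest())


def method_permitted(method: str, identifier: str) -> bool:
    """Policy gate from the BR text quoted in the thread."""
    return not (identifier.startswith("*.") and method in NO_WILDCARD_METHODS)


def challenge_name(identifier: str) -> str:
    """RFC 8555 s7.1.3: a wildcard identifier is validated on its base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}."


def validate_dns01(authz_identifier: str, token: str, account_jwk: dict, resolve_txt) -> bool:
    """True only if the TXT record for THIS identifier holds the value bound to THIS account.

    authz_identifier and token come from the server's stored authorization object,
    never from the client's request; resolve_txt(name) returns the TXT strings found.
    """
    return expected_txt(token, account_jwk) in resolve_txt(challenge_name(authz_identifier))


def authorize(identifier: str, method: str, token: str, account_jwk: dict, resolve_txt) -> str:
    """CA-side entry point: policy gate first, then the challenge itself."""
    if not method_permitted(method, identifier):
        return "rejected: method not allowed for wildcard names (BR 3.2.2.4)"
    if method != DNS_CHANGE:
        return "rejected: only DNS change (3.2.2.4.7) is implemented in this example"
    if validate_dns01(identifier, token, account_jwk, resolve_txt):
        return "valid"
    return "rejected: TXT record missing or not bound to this account"


# --- constructed fixtures (not real keys, tokens or zones) ---
ACCOUNT_A = {"kty": "EC", "crv": "P-256", "x": "QUFBQUFB", "y": "QkJCQkJC"}
ACCOUNT_B = {"kty": "EC", "crv": "P-256", "x": "Q0NDQ0ND", "y": "RERERERE"}
TOKEN = "c29tZS1jb25zdHJ1Y3RlZC10b2tlbg"  # constructed per-challenge token

# The domain owner published the value for account A only.
ZONE = {challenge_name("*.example.com"): [expected_txt(TOKEN, ACCOUNT_A), "v=spf1 -all"]}


def resolve_txt(name: str) -> list:
    """Stand-in resolver over the constructed zone."""
    return ZONE.get(name, [])


if __name__ == "__main__":
    print(authorize("*.example.com", DNS_CHANGE, TOKEN, ACCOUNT_A, resolve_txt))    # valid
    print(authorize("*.example.com", DNS_CHANGE, TOKEN, ACCOUNT_B, resolve_txt))    # other account
    print(authorize("*.example.net", DNS_CHANGE, TOKEN, ACCOUNT_A, resolve_txt))    # no record
    print(authorize("*.example.com", "3.2.2.4.18", TOKEN, ACCOUNT_A, resolve_txt))  # BR forbids
```

The point of keeping `authz_identifier` and `token` on the server side of `validate_dns01` is that neither the name being looked up nor the expected value can be influenced by the client beyond the account key it already proved it holds; an incident report for a DNS-01 misissuance normally has to say which of these bindings was not enforced.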

Rollin Yu

6:44 AM (2 hours ago)
to dev-secur...@mozilla.org, Roger M Lambdin, Rollin Yu
Thank you for your follow-up.

1. Relationship and infrastructure

LiteSSL (website), FreeSSL, and 51ssl are certificate distribution platforms under the TrustAsia group, but they do not share CA infrastructure. All certificate issuance and domain validation are performed solely by TrustAsia's CA systems.

2. Wildcard validation methods

51ssl does not use file-based verification (Method 3.2.2.4.18) for wildcard certificates.

51ssl is only a distribution platform and does not perform domain validation. All validations are conducted by TrustAsia CA in compliance with the CA/Browser Forum Baseline Requirements.