
Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexibility”.

The nuts and bolts here are that HiCA was working as a CA-in-the-Middle, wrapping other CAs’ authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right? The way it appears this works is that the end user sends a certificate request to HiCA. HiCA takes that information and initiates a certificate request off to SSL.com. SSL.com sends back a challenge, and HiCA embeds that challenge in the RCE and sends it to the end user. The end user’s machine triggers the RCE, which pushes the challenge token to the well-known location, and bypasses the ACME protection against exactly this sort of CA-in-the-middle situation. The last piece of the authentication process is that the signing server reaches out over HTTP to the domain being signed, and looks for the token to be there. Once found, it sends the signed certificates to HiCA, who then forward them on to the end user.

HiCA has access to the key of every SSL cert they handled. This doesn’t allow decryption of existing traffic, but these keys could be used to impersonate or even launch MitM attacks against those domains. There’s no evidence that HiCA was actually capturing or using those keys, but this company was abusing an RCE to put itself in the position to have that ability.
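The HTTP-01 exchange described above, as an added example (not code from acme.sh, HiCA or SSL.com): the client publishes a key authorization under the well-known path only after checking that the CA-supplied token is plain base64url text, and the CA's check is bound to the account key that requested the challenge, which is exactly the binding a relaying intermediary cannot satisfy with the user's honest client. Keys and the token are constructed placeholders, and a dict stands in for the web root.

```python
import base64
import hashlib
import json
import re

# RFC 8555 s8.3: the token is base64url text; 22 chars is the smallest
# encoding of 128 bits. Anything else from the CA is rejected before it
# touches a path or a shell (assumed policy, not acme.sh's own check).
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members in canonical JSON."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    # The proof ties the CA's token to the ACME account that asked for it.
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def client_publish(token: str, account_jwk: dict, webroot: dict) -> str:
    """Client side: validate the CA-supplied token, then publish the key
    authorization at /.well-known/acme-challenge/<token>."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("malformed challenge token from CA")
    key_auth = key_authorization(token, account_jwk)
    webroot[f"/.well-known/acme-challenge/{token}"] = key_auth
    return key_auth


def ca_validate(token: str, account_jwk: dict, webroot: dict) -> bool:
    """CA side: fetch the well-known URL over HTTP and compare it with the
    key authorization expected for the requesting account."""
    body = webroot.get(f"/.well-known/acme-challenge/{token}")
    return body is not None and body.strip() == key_authorization(token, account_jwk)


# Constructed placeholder keys: the end user's ACME account, and the
# intermediary's own account at the real CA. Not real key material.
USER_JWK = {"kty": "EC", "crv": "P-256", "x": "user-x-placeholder", "y": "user-y-placeholder"}
MIDDLE_JWK = {"kty": "EC", "crv": "P-256", "x": "mid-x-placeholder", "y": "mid-y-placeholder"}
TOKEN = b64url(b"0123456789abcdef")  # constructed; a real CA uses random bytes


def demo() -> tuple:
    """Honest client proves control for its own account; the same proof does
    not satisfy a CA that issued the challenge to the intermediary's account."""
    webroot = {}
    client_publish(TOKEN, USER_JWK, webroot)
    return ca_validate(TOKEN, USER_JWK, webroot), ca_validate(TOKEN, MIDDLE_JWK, webroot)
```

The second result is the gap the relaying CA had to close by other means: the content under the well-known path must carry the thumbprint of the account key SSL.com actually saw.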

