Akamai researchers have developed a proof-of-concept (PoC) exploit for a publicly known X.509 certificate forgery vulnerability in Windows CryptoAPI that was disclosed last year.
Microsoft silently fixed the bug, CVE-2022-34689, in August 2022 but did not publicly disclose it until October. Researchers at Akamai this week published a PoC exploit that allows an attacker to forge a target certificate and masquerade as any site. In this case, the affected browser will display a green padlock icon indicating a secure connection, even if the connection is completely controlled by the attacker.
CryptoAPI is a Windows application programming interface that developers use to provide cryptography in their applications. One of CryptoAPI's roles is authenticating digital certificates, and according to the researchers, that is where the vulnerability lies.
To verify the authenticity of a certificate, CryptoAPI first checks whether it already exists in the receiving application's certificate cache. If so, CryptoAPI treats the received certificate as verified. Before the vulnerability was fixed, CryptoAPI checked for the existence of a certificate in the cache by simply comparing MD5 thumbprints. If the MD5 thumbprint of the received certificate matched the MD5 thumbprint of a certificate in the cache, CryptoAPI considered the received certificate verified, even if the actual content of the two certificates did not match exactly. This opens the door for an attacker to inject their own certificate.
Akamai experts first created two certificates, one with a legitimate signature and the other malicious, and tweaked them so that both had the same MD5 thumbprint. They then targeted a real application that uses CryptoAPI (in this case, an old version of Chrome, v48). After the application validated the legitimate certificate and stored it in the end-certificate cache, Akamai showed how a cybercriminal could use a man-in-the-middle (MiTM) attack to pass the second, malicious certificate to the same application and have it accepted as authentic.
According to the experts, once the MD5 fingerprint is calculated, the attack can be carried out easily. How the attacker performs the next two phases of the attack (serving the two certificates) depends on the type of target application. In browsers, a simple connection reset after the first phase ends is enough, because the browser immediately tries to reconnect. At this point, the attack enters its second phase.
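The cache check described above can be modelled in a few lines, with the thumbprint-only lookup beside a lookup that also compares certificate content. This is an added example, not code from Akamai or Microsoft, and the content comparison is one way to harden such a cache rather than a description of Microsoft's patch. Assumptions: the thumbprint is MD5 truncated to 16 bits so that a colliding pair can be found instantly, the certificates are constructed byte strings, and `CertCache`, `weak_thumbprint` and `find_colliding_cert` are hypothetical names.

```python
import hashlib


def weak_thumbprint(cert: bytes) -> bytes:
    # Assumption: stand-in for the MD5 thumbprint. Truncating MD5 to 16 bits
    # makes collisions cheap enough to find here; it is not the real scheme.
    return hashlib.md5(cert).digest()[:2]


class CertCache:
    """Toy model of a cache of certificates that already passed validation."""

    def __init__(self, compare_content: bool):
        self.compare_content = compare_content
        self._entries = {}  # thumbprint -> bytes of the validated certificate

    def store_verified(self, cert: bytes) -> None:
        self._entries[weak_thumbprint(cert)] = cert

    def is_trusted(self, cert: bytes) -> bool:
        cached = self._entries.get(weak_thumbprint(cert))
        if cached is None:
            return False  # cache miss: the caller must run full validation
        if self.compare_content:
            return cached == cert  # hardened: the bytes must match as well
        return True  # behaviour described above: a thumbprint match suffices


def find_colliding_cert(legit: bytes, prefix: bytes) -> bytes:
    # Brute-force a different byte string with the same truncated thumbprint.
    target, n = weak_thumbprint(legit), 0
    while True:
        candidate = prefix + str(n).encode()
        if candidate != legit and weak_thumbprint(candidate) == target:
            return candidate
        n += 1


# Constructed sample "certificates" (plain byte strings, not real X.509).
LEGIT = b"constructed-cert subject=example.test key=A"
ROGUE = find_colliding_cert(LEGIT, b"constructed-cert subject=example.test key=B pad=")


def demo() -> dict:
    results = {}
    for name, strict in (("thumbprint_only", False), ("with_content_check", True)):
        cache = CertCache(compare_content=strict)
        cache.store_verified(LEGIT)  # phase one: legitimate cert gets cached
        results[name] = (cache.is_trusted(LEGIT), cache.is_trusted(ROGUE))
    return results
```

`demo()` returns, for each cache variant, whether the legitimate and the colliding certificate are treated as already verified.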