On 16/10/17 15:13, Alex Gaynor via dev-security-policy wrote:
> Hi all,
>
> Today researchers announced a vulnerability they discovered in RSA keys
> generated by a particular piece of firmware, which allows practical
> factorization of the private key given just the public key.
>
> Full details of the research here:
> https://crocs.fi.muni.cz/public/papers/rsa_ccs17
>
> There is a publicly available tool for testing keys here:
> https://github.com/crocs-muni/roca
>
> I'd encourage CAs to proactively check all of their issued certificates,
> particularly S/MIME/client certs, since this affects common smartcard
> implementations.

Comodo CA became aware of the ROCA vulnerability (CVE-2017-15361) on
Monday 16th October at 12:45 UTC.
We immediately downloaded the key testing tools from
https://github.com/crocs-muni/roca and set about implementing the ROCA
check in crt.sh. Having completed this implementation work on Tuesday
17th October, a report of all ROCA fingerprints found on crt.sh was
published to m.d.s.p / https://misissued.com/batch/28/ on Wednesday 18th
October.
We then set about scanning (for ROCA fingerprints) all of the certs that
we'd ever issued. This scan completed on Friday 20th October and found
175 certificates with ROCA fingerprints. Only 33 of these certs had not
yet expired:
  9 Server Authentication certificates
  24 S/MIME certificates

crt.sh links for the 9 serverAuth certs:

[www.]my.intellectscada.com
  https://crt.sh/?id=6169662

[*.]crd.bc.ca
  https://crt.sh/?id=248616628
  https://crt.sh/?id=248616633
  https://crt.sh/?id=248616641

[www.]gsappre01.nu.com
  https://crt.sh/?id=248616637
  https://crt.sh/?id=248616648

[www.]scada.nelha.net
  https://crt.sh/?id=14815246
  https://crt.sh/?id=248616640

[www.]scada.nelha.org
  https://crt.sh/?id=248616645

A report was made available to our Validation/Support teams, who set
about contacting the affected customers and revoking the certificates.
The last of these certificates was revoked on 2nd November.
On Tuesday 31st October we implemented the ROCA vulnerability check in
our PKCS#10 CSR parsing code, and on Thursday 2nd November we
implemented the ROCA vulnerability check in our SPKAC (<keygen>) and
CRMF (RFC2511) parsing code. These changes were deployed to our
production CA system on Sunday 5th November.
On Monday 6th November, we scanned the certificates that we'd issued
between 20th October and 5th November. 8 further server authentication
certificates were found, all for subdomains of the same registered
domain. We will get these revoked and then post the details.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
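
The kind of fingerprint check the message above describes running over issued certificates and incoming CSRs, as an added example (not Comodo's or crt.sh's code, and not the crocs-muni tool). It assumes the structure described in the linked paper: a flawed modulus is congruent to a power of 65537 modulo a primorial M, so its residue modulo each small prime must lie in the subgroup generated by 65537. The prime bound of 167, the function names and the sample integers are assumptions constructed for this example.

```python
# Added example: ROCA fingerprint test on RSA moduli (standard library only).
E = 65537          # generator in the flawed prime structure (per the paper)
LIMIT = 167        # assumption: test primes 2..167, whose product divides M

PRIMES = [p for p in range(2, LIMIT + 1)
          if all(p % d for d in range(2, int(p ** 0.5) + 1))]

def subgroup(g, r):
    """Return the multiplicative subgroup of Z_r^* generated by g."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * g % r
    return seen

# Residues a flawed modulus may take mod each small prime. Primes where
# 65537 generates the whole group carry no information and are skipped.
ALLOWED = {}
for r in PRIMES:
    s = subgroup(E % r, r)
    if len(s) < r - 1:
        ALLOWED[r] = s

def has_roca_fingerprint(n):
    """True if n mod r lies in <65537> for every informative small prime r."""
    return all(n % r in s for r, s in ALLOWED.items())

def scan(moduli):
    """Batch check over a mapping of label -> RSA modulus; returns flagged labels."""
    return sorted(label for label, n in moduli.items() if has_roca_fingerprint(n))

# --- Constructed sample inputs (not real keys) ---
M = 1
for r in PRIMES:
    M *= r                                  # primorial of the test primes

def structured(k, a):
    """Integer of the flawed form k*M + (65537^a mod M); primality not checked."""
    return k * M + pow(E, a, M)

SAMPLES = {
    "constructed-flawed": structured(12345, 77) * structured(67890, 1001),
    "constructed-clean": (2**127 - 1) * (2**89 - 1),   # two Mersenne primes
}

if __name__ == "__main__":
    print(scan(SAMPLES))
```

In a CA pipeline the modulus would come from the SubjectPublicKeyInfo of the parsed certificate, PKCS#10 CSR, SPKAC or CRMF request; that extraction step is left out here.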