SA73 : TURKTRUST mis-issued intermediate Certificate Authorities

1268

03 March 2020

09 January 2013

CLOSED

LOW

SUMMARY

A TURKTRUST root CA mistakenly created two intermediate CAs in August 2011. One of these intermediate CAs was used to issue a fraudulent certificate for *.google.com. TURKTRUST has revoked this fraudulent certificate and has stated that no others have been issued. When the SSL proxy is enabled, ProxySG may be vulnerable to man-in-the-middle and spoofing attacks using fraudulent certificates issued by TURKTRUST intermediate CAs.

AFFECTED PRODUCTS

All versions of ProxySG that enable SSL proxy may be vulnerable.

Patches

ProxySG will not be modified.

ISSUES

In August 2011, a TURKTRUST root CA mistakenly issued two intermediate CA certificates to two different customers who should have received regular SSL certificates.  The two intermediate CAs were for the domains *.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org. 

There are several TURKTRUST root CAs that are widely trusted.  The subject name of the TURKTRUST root CA that mistakenly issued the two intermediate CA certificates is:

O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005
L = Ankara
C = TR
CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı

The certificate for e-islem.kktcmerkezbankasi.org was revoked by TURKTRUST when the customer notified TURKTRUST of the error.  The certificate for *.EGO.GOV.TR was revoked by TURKTRUST when Google reported that a fraudulent certificate for *.google.com had been issued by an intermediate CA signed by TURKTRUST and that the certificate was being actively used.  TURKTRUST's investigations showed that no other fraudulent certificates were created and no other unintended intermediate CAs had been created.

A fraudulent certificate can be used by an attacker to spoof the legitimate site to obtain the user's personal information (e.g., name and password) or to install malware or trojans.  An attacker can also use the fraudulent certificate to become a man-in-the-middle which allows the attacker to view and even modify the data sent between the client and the server.

Browser vendors have provided protections to ensure that the two falsely issued intermediate CAs and the fraudulent *.google.com certificate are not trusted.  The TURKTRUST root CA that mistakenly created the intermediate CA certificates continues to be trusted by most browsers.

ProxySG customers who have not enabled the SSL proxy are not vulnerable.  Customers who have enabled the SSL proxy are vulnerable if they trust the TURKTRUST root CA and have not enabled certificate revocation checking. 

ProxySG includes 5 TURKTRUST root CAs in the list of browser trusted certificates.  The ProxySG name for the TURKTRUST root CA that issued the two intermediate CA certificates is TURKTRUST_Certificate_Services_Provider_Root_2.  The thumbprint is b4:35:d4:e1:11:9d:1c:66:90:a7:49:eb:b3:94:bd:63:7b:a7:82:b7.
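The following is an added example, not part of this advisory or of ProxySG, for identifying the root above by thumbprint and for flagging the kind of error described in this section (a certificate issued to a customer that carries the CA flag in basicConstraints). It assumes the 20-byte thumbprint is a SHA-1 digest over the DER encoding, uses only the Python standard library, and builds an unsigned, constructed certificate fixture (not a real TURKTRUST certificate) with the X.509 v3 field layout so the parser can be exercised offline.

```python
import hashlib

# SHA-1 thumbprint of TURKTRUST_Certificate_Services_Provider_Root_2 as given in the advisory.
ADVISORY_THUMBPRINT = "b4:35:d4:e1:11:9d:1c:66:90:a7:49:eb:b3:94:bd:63:7b:a7:82:b7"
OID_BASIC_CONSTRAINTS = bytes.fromhex("551d13")   # id-ce-basicConstraints, 2.5.29.19


def der_thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, colon separated, the form ProxySG and browsers display."""
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def is_advisory_root(der: bytes) -> bool:
    return der_thumbprint(der) == ADVISORY_THUMBPRINT


def _tlv(data: bytes, pos: int):
    """Decode one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _children(data: bytes, start: int, end: int):
    """Yield (tag, value) for each element of a constructed DER value in data[start:end]."""
    pos = start
    while pos < end:
        tag, vstart, vend = _tlv(data, pos)
        yield tag, data[vstart:vend]
        pos = vend


def basic_constraints_ca(der: bytes):
    """True/False for the cA flag in basicConstraints, or None if the extension is absent."""
    _, tbs_start, tbs_end = _tlv(der, _tlv(der, 0)[1])        # Certificate -> tbsCertificate
    for tag, value in _children(der, tbs_start, tbs_end):
        if tag != 0xA3:                                         # [3] EXPLICIT Extensions
            continue
        _, es, ee = _tlv(value, 0)                              # Extensions ::= SEQUENCE OF Extension
        for _, ext in _children(value, es, ee):
            parts = list(_children(ext, 0, len(ext)))           # OID, [critical BOOLEAN], OCTET STRING
            if parts[0][1] != OID_BASIC_CONSTRAINTS:
                continue
            inner = parts[-1][1]                                # extnValue holds BasicConstraints SEQUENCE
            _, bs, be = _tlv(inner, 0)
            flags = list(_children(inner, bs, be))              # [cA BOOLEAN], [pathLenConstraint INTEGER]
            return bool(flags) and flags[0][0] == 0x01 and flags[0][1] != b"\x00"
    return None


def audit(der: bytes) -> dict:
    """What an operator would want to know about one CA-list entry."""
    return {"thumbprint": der_thumbprint(der),
            "advisory_root": is_advisory_root(der),
            "ca": basic_constraints_ca(der)}


def _enc(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def constructed_certificate(ca: bool, v3: bool = True) -> bytes:
    """Constructed, unsigned fixture with the X.509 field layout; not a real certificate."""
    alg = _enc(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")    # sha256WithRSAEncryption
    name = _enc(0x30, _enc(0x31, _enc(0x30, b"\x06\x03\x55\x04\x03" + _enc(0x0C, b"fixture"))))
    validity = _enc(0x30, _enc(0x17, b"130109000000Z") + _enc(0x17, b"140109000000Z"))
    spki = _enc(0x30, _enc(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
                + _enc(0x03, b"\x00\x00"))
    body = _enc(0x02, b"\x01") + alg + name + validity + name + spki               # serial onwards
    if v3:
        bc_value = _enc(0x30, _enc(0x01, b"\xff") if ca else b"")                  # { cA BOOLEAN } or empty
        ext = _enc(0x30, _enc(0x06, OID_BASIC_CONSTRAINTS) + _enc(0x01, b"\xff") + _enc(0x04, bc_value))
        body = _enc(0xA0, _enc(0x02, b"\x02")) + body + _enc(0xA3, _enc(0x30, ext))
    return _enc(0x30, _enc(0x30, body) + alg + _enc(0x03, b"\x00\x00"))


if __name__ == "__main__":
    for label, der in (("constructed CA", constructed_certificate(True)),
                       ("constructed end-entity", constructed_certificate(False))):
        print(label, audit(der))
```

Run against a real DER file (`open(path, "rb").read()`), `audit()` reports whether the entry is the root named in this advisory and whether its basicConstraints marks it as a CA; an end-entity certificate that reports `"ca": True` is exactly the condition that made the two TURKTRUST customer certificates dangerous.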

MITIGATION

If the SSL proxy is enabled, Blue Coat recommends that customers perform the following actions:

  • Enable server certificate validation.
  • Enable OCSP and/or CRLs for revocation checking.
  • If using OCSP, examine the ignore settings for the OCSP responder. Ignoring failures, especially failures to connect with the OCSP responder, allows an attacker to circumvent revocation checking.
  • If using CRLs, install the latest TURKTRUST CRL and ensure all other CRLs are current. Contact TURKTRUST to determine the location for this CRL.

Blue Coat does not recommend removing TURKTRUST_Certificate_Services_Provider_Root_2 from the list of browser trusted CAs at this time.  Removing the CA completely could result in the inability to connect to some websites with legitimate certificates.

ProxySG will only check the revocation status of server certificates if the SSL proxy has been enabled. Customers who have not enabled the SSL proxy should ensure browsers have been upgraded with the latest security patches and have revocation checking enabled.

Customers who have enabled the SSL proxy but are unable to implement revocation checking can remove the CA TURKTRUST_Certificate_Services_Provider_Root_2 from the list of trusted CAs used by the SSL Client.  The CA certificate can be added back into the list of trusted CAs at a later time if desired.  Removing the CA from the list of trusted CAs may result in failure to validate legitimate certificates presented by some websites.

Any CA certificate that is no longer trusted can be removed from the list of available CAs on ProxySG. After a CA certificate has been removed, it can no longer be included in, or added to, a list of trusted CAs unless it is imported again.
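The following is an added example, not part of this advisory and not ProxySG code, that models the trust decision the mitigation section describes: server certificate validation, OCSP and CRL revocation checking, the OCSP "ignore connection failure" setting, and removal of a root from the trusted list. The chain, serial numbers, CRL and OCSP responses are a constructed fixture modelled on the incident (a customer certificate for *.EGO.GOV.TR issued with the CA flag, used to issue a *.google.com certificate); the policy and reason strings are this example's own, not ProxySG settings.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Cert:
    subject: str
    issuer: str
    serial: int
    ca: bool = False                  # basicConstraints cA flag


@dataclass
class Crl:
    revoked_serials: frozenset
    next_update: datetime             # a CRL past nextUpdate is stale and must not be relied on


@dataclass
class Policy:
    validate_server_cert: bool = True
    use_ocsp: bool = True
    use_crl: bool = True
    ignore_ocsp_connect_failure: bool = False   # the "ignore setting" the advisory warns about
    trusted_roots: frozenset = frozenset()


def evaluate(chain, policy, now, crls=None, ocsp=None):
    """Decide whether a server chain (leaf first, root last) is accepted under policy.

    crls maps an issuer subject to its Crl; ocsp maps an issuer subject to
    {serial: "good" | "revoked"}, and an issuer missing from ocsp models an
    unreachable responder.  Returns (accepted, reason).
    """
    crls, ocsp = crls or {}, ocsp or {}
    if not policy.validate_server_cert:
        return True, "server certificate validation disabled: accepted without any check"
    if chain[-1].subject not in policy.trusted_roots:
        return False, f"root {chain[-1].subject!r} is not trusted"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject!r} was not issued by {parent.subject!r}"
        if not parent.ca:
            return False, f"{parent.subject!r} has no CA flag and may not issue certificates"
    unchecked = []
    for cert in chain[:-1]:                       # revocation status of everything below the root
        status = None
        if policy.use_ocsp:
            responder = ocsp.get(cert.issuer)
            if responder is None and not policy.ignore_ocsp_connect_failure:
                return False, f"OCSP responder for {cert.issuer!r} unreachable"
            if responder is not None:
                status = responder.get(cert.serial)           # None: responder does not know this serial
        if status is None and policy.use_crl:
            crl = crls.get(cert.issuer)
            if crl is None or crl.next_update <= now:
                return False, f"no current CRL for {cert.issuer!r}"
            status = "revoked" if cert.serial in crl.revoked_serials else "good"
        if status == "revoked":
            return False, f"{cert.subject!r} (serial {cert.serial}) is revoked"
        if status is None:
            unchecked.append(cert.subject)
    if unchecked:
        return True, f"accepted WITHOUT revocation check for {unchecked}"
    return True, "chain valid and no certificate revoked"


# Constructed fixture modelled on the incident; serial numbers are made up.
ROOT = "TURKTRUST_Certificate_Services_Provider_Root_2"
ROOT_CERT = Cert(ROOT, issuer=ROOT, serial=1, ca=True)
MISISSUED_CA = Cert("*.EGO.GOV.TR", issuer=ROOT, serial=1001, ca=True)   # customer cert issued with CA flag
FRAUD_LEAF = Cert("*.google.com", issuer=MISISSUED_CA.subject, serial=7)
FRAUD_CHAIN = [FRAUD_LEAF, MISISSUED_CA, ROOT_CERT]
NOW = datetime(2013, 1, 9, tzinfo=timezone.utc)
CURRENT_CRLS = {ROOT: Crl(frozenset({1001}), NOW + timedelta(days=7)),
                MISISSUED_CA.subject: Crl(frozenset(), NOW + timedelta(days=7))}
STALE_CRLS = {ROOT: Crl(frozenset({1001}), NOW - timedelta(days=1))}
OCSP_UP = {ROOT: {1001: "revoked"}, MISISSUED_CA.subject: {7: "good"}}
TRUSTING = Policy(trusted_roots=frozenset({ROOT}))


if __name__ == "__main__":
    print(evaluate(FRAUD_CHAIN, TRUSTING, NOW, CURRENT_CRLS, OCSP_UP))
    print(evaluate(FRAUD_CHAIN, Policy(trusted_roots=frozenset({ROOT}), use_crl=False,
                                       ignore_ocsp_connect_failure=True), NOW))
    print(evaluate(FRAUD_CHAIN, Policy(trusted_roots=frozenset()), NOW, CURRENT_CRLS, OCSP_UP))
```

The second call is the case the mitigation list warns about: with the OCSP responder unreachable, the failure ignored and no CRL installed, the chain from the revoked intermediate is accepted with no revocation check at all. The third call shows the fallback of removing the root from the trusted list, which rejects the chain regardless of revocation data.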

REFERENCES

REVISION

2015-01-20 Marked as final
2013-01-11 Additional details added about the TURKTRUST root CA
2013-01-09 Initial public release