TLS Certificate Private Keys exposed
Crypt-o-currency mining malware has adversely affected businesses recently and is a controversial subject of discussion among people.
The Greedy Cyber criminals are not contented by you data alone! This has led these recent enterprise breaches taking another level that renders company’s data along with its resources compromised.
AS SME (Small and Medium Sized Enterprises) holds the maximum distribution of 99% among all the enterprises, they have become the Apple for the eyes of ravenous threat actors.
In this digital age, the online presence of your business is absolutely important & necessary. The world is now a different place! Whether it’s a website, a social media page, an e-commerce platform or a combination of all, getting your company online is of utmost priority to reap major benefits. Business or no business, people expect to see you online.
Digital dominance has left no other option for people than to rely on internet to look for products and services of their choice. Few clicks can get you all that you may need for your living.
Though a website design may seem easy and effective in appearance, It involves a lot of hard work. If security measures are not taken into consideration while creating a website, the website company may be compromised leading irreparable losses to its reputation.
TLS (Transport Layer Security) certificate, an updated more secure version of SSL (Secure Sockets Layer) certificate that is considered important for keeping an internet connection safe, is no longer impregnable.
Website owners who rely on these certificates feel that the connection to their sites is safe and encrypted with their issued TLS certificates as a proud trophy! They didn’t realize that their sites are in jeopardy!
For those who are new to term TLS here is a brief description.
TLS, a successor of SSL , is a handshake protocol that provides secure communications on Internet for things such as Faxing, email and other data transfers. It primarily aims to provide privacy and data integrity for safe and secure information exchange.
The issue (TLS Certificate Private Keys exposed)came to light when companies that utilize Traefik , an infamous open source cloud based reverse proxy and load balancing solution, were affected by data breach and traffic interception.
Popular web portals that experience huge load on their servers leverage Traefik Reverse Proxy services to handle the load to enable users access the website.
TLS Certificate Private Keys exposed : What is CVE-2018-15598?
While accessing Traefik Reverse Proxy services, companies usually do not review their Traefik settings. CVE-2018-15598 is a vulnerability in Traefik Reverse Proxy service that leaves the API’s (Application Programming Interface) port publicly reachable exposing the configuration and secrets of the website.
Consequences of the Attack
Access to API’s port led to the exposure of TLS setting details and extraction of a copy of company’s TLS certificate private key.
This private key allowed attackers to
- Intercept website traffic and decrypt it,
- Encrypt web traffic (HTTPS) and make it appear to be coming from company’s official site.
How is the issue fixed?
The issue was fixed with the release of Traefik 1.6.6. This new version displays a warning to administrators who enable the dashboard’s API. It warns users about the dangers of enabling the API that might lead to the exposure of:
- TLS data
- Configuration elements
Hence enabling the API is not recommended unless it is secured by authorization and authentication.