|Security Advisory ID SYMSA1268|
Initial Publication Date:
9 Jan 2013
A TURKTRUST root CA mistakenly created two intermediate CAs in August 2011. One of these intermediate CAs was used to issue a fraudulent certificate for *.google.com. TURKTRUST has revoked this fraudulent certificate and has stated that no others have been issued. When the SSL proxy is enabled, ProxySG may be vulnerable to man-in-the-middle and spoofing attacks using fraudulent certificates issued by TURKTRUST intermediate CAs.
All versions of ProxySG that enable SSL proxy may be vulnerable.
ProxySG will not be modifed.
In August 2011, a TURKTRUST root CA mistakenly issued two intermediate CA certificates to two different customers who should have received regular SSL certificates. The two intermediate CAs were for the domains *.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org.
There are several TURKTRUST root CAs that are widely trusted. The subject name of the TURKTRUST root CA that mistakenly issued the two intermediate CA certificates is:
O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005
L = Ankara
C = TR
CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
The certificate for e-islem.kktcmerkezbankasi.org was revoked by TURKTRUST when the customer notifed TURKTRUST of the error. The certificate for *.EGO.GOV.TR was revoked by TURKTRUST when Google reported that a fraudulent certificate for *.google.com had been issued by an intermediate CA signed by TURKTRUST and that the certificate was being actively used. TURKTRUST's investigations showed that no other fraudulent certificates were created and no other unintended intermediate CAs had been created.
A fraudulent certificate can be used by an attacker to spoof the legitimate site to obtain the user's personal information (e.g., name and password) or to install malware or trojans. An attacker can also use the fraudulent certificate to become a man-in-the-middle which allows the attacker to view and even modify the data sent between the client and the server.
Browser vendors have provided protections to ensure that the two falsely issued intermediate CAs and the fraudulent *.google.com certificate are not trusted. The TURKTRUST root CA that mistakenly created the intermediate CA certificates continues to be trusted by most browsers.
ProxySG customers who have not enabled the SSL proxy are not vulnerable. Customers who have enabled the SSL proxy are vulnerable if they trust the TURKTRUST root CA and have not enabled certificate revocation checking.
ProxySG includes 5 TURKTRUST root CAs in the list of browser trusted certficates. The ProxySG name for the TURKTRUST root CA that issued the two intermediate CA certificates is TURKTRUST_Certificate_Services_Provider_Root_2. The thumprint is b4:35:d4:e1:11:9d:1c:66:90:a7:49:eb:b3:94:bd:63:7b:a7:82:b7.
If the SSL proxy is enabled, Blue Coat recommends that customers perform the following actions:
- Enable server certificate validation.
- Enable OCSP and/or CRLs for revocation checking.
- If using OCSP, examine the ignore settings for the OCSP responder. Ignoring failures, especially failures to connect with the OCSP responder, allows an attacker to circumvent revocation checking.
- If using CRLs, install the latest TURKTRUST CRL and ensure all other CRLs are current. Contact TURKTRUST to determine the location for this CRL.
Blue Coat does not recommend removing TURKTRUST_Certificate_Services_Provider_Root_2 from the list of browser trusted CAs at this time. Removing the CA completely could result in the inability to connect to some websites with legitimate certificates.
ProxySG will only check the revocation status of server certificates if the SSL proxy has been enabled. Customers who have not enabled the SSL proxy should ensure browsers have been upgraded with the latest security patches and have revocation checking enabled.
Customers who have enabled the SSL proxy but are unable to implement revocation checking can remove the CA TURKTRUST_Certificate_Services_Provider_Root_2 from the list of trusted CAs used by the SSL Client. The CA certificate can be added back into the list of trusted CAs at a later time if desired. Removing the CA from the list of trusted CAs may result failure to validate legitimate certificates presented by some websites.
Any CA certificate that is no longer trusted can be removed from the list of available CAs on ProxySG. After a CA certificate has been removed, it can no longer be in or added to a list of trusted CAs unless it is imported again.
Mozilla blog post: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
Google blog post: https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html
Microsoft advisory: http://technet.microsoft.com/en-us/security/advisory/2798897
2015-01-20 Marked as final
2013-01-11 Additional details added about the TURKTRUST root CA
2013-01-09 Initial public release