Akamai researchers have analyzed a vulnerability in Windows CryptoAPI that allows an attacker to pose as a legitimate entity.
Spoofing vulnerability discovered in Windows CryptoAPI.
Akamai this morning released research detailing their analysis of a critical spoofing vulnerability, CVE-2022-34689, affecting Windows CryptoAPI. The vulnerability allows malicious actors to feign a genuine entity’s identity and perform certain actions.
Background on the CVE-2022-34689 vulnerability, discovered last year.
According to Microsoft, this vulnerability allows attackers to “spoof their identity and perform actions such as authentication or code signing as the targeted certificate.” CryptoAPI is the primary Windows API handling cryptography. Researchers say it also covers certificates, from “reading and parsing them to validating them against verified certificate authorities (CAs). Browsers also use CryptoAPI for TLS certificate validation — a process that results in the lock icon everyone is taught to check.” CVE-2022-34689 was patched in August 2022, and disclosed in last October’s Patch Tuesday.
How the CryptoAPI vulnerability’s attack works.
Akamai describes the attack as having two primary steps. In the first, malicious actors take a “legitimate certificate, modify it, and serve the modified version to the victim,” researchers explain. “The second phase involves creating a new certificate whose MD5 collides with the modified legitimate certificate, and using the new certificate to spoof the identity of the original certificate’s subject.” Researchers suggest that the principal issue behind the bug is an overconfident belief that the certificate cache index key, which is based on MD5, is “collision-free,” when in actuality MD5’s collision resistance has been known to be broken for 14 years.
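The cache weakness described above, modelled as an added example (not Akamai's or Microsoft's code): `EndCertCache` is a hypothetical stand-in for an end-certificate cache indexed by MD5, and the two blobs are the publicly known 2004 MD5 collision pair standing in for encoded certificates. Confirming the full bytes on a cache hit is shown as a general hardening and is an assumption here, not a description of the actual patch.

```python
import hashlib

# Constructed sample input: the two 128-byte messages of the publicly known
# Wang et al. MD5 collision (2004). They stand in for two encoded
# certificates; they are not real certificates.
BLOB_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
BLOB_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")


class EndCertCache:
    """Hypothetical model of a cache of already-validated end certificates."""

    def __init__(self, confirm_bytes):
        self.confirm_bytes = confirm_bytes  # False: trust the MD5 index alone
        self._entries = {}                  # MD5 digest -> cached encoded cert

    def add_validated(self, encoded):
        # Called only after the certificate passed full chain validation.
        self._entries[hashlib.md5(encoded).digest()] = encoded

    def is_cached(self, presented):
        # A hit means "already validated, skip the expensive checks".
        cached = self._entries.get(hashlib.md5(presented).digest())
        if cached is None:
            return False                    # miss: caller must validate fully
        if self.confirm_bytes:
            return cached == presented      # hit counts only for identical bytes
        return True                         # weak: the index key is the identity


def demo():
    weak, hardened = EndCertCache(False), EndCertCache(True)
    for cache in (weak, hardened):
        cache.add_validated(BLOB_A)         # only BLOB_A was ever validated
    return {
        "same_md5": hashlib.md5(BLOB_A).digest() == hashlib.md5(BLOB_B).digest(),
        "same_sha256": hashlib.sha256(BLOB_A).digest() == hashlib.sha256(BLOB_B).digest(),
        "weak_accepts_unvalidated": weak.is_cached(BLOB_B),
        "hardened_accepts_unvalidated": hardened.is_cached(BLOB_B),
    }
```

Keying the index on a collision-resistant digest such as SHA-256 would also keep the two blobs in separate entries, as the `same_sha256` result shows.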
Best practices advised for Windows users.
The vulnerability, while rated "critical," was given a CVSS score of only 7.5. Researchers attribute that rating to “the limited scope of vulnerable applications and Windows components in which the vulnerability prerequisites are met.” Exploitation can still affect anything using the API, including old versions of Chrome (v48 and earlier) and Chromium-based applications, and researchers believe there are more vulnerable targets in the wild that have not yet been identified. “We advise you to patch your Windows servers and endpoints with the latest security patch released by Microsoft. For developers, another option to mitigate this vulnerability is to use other WinAPIs to double-check the validity of a certificate before using it, such as CertVerifyCertificateChainPolicy. Keep in mind that applications that do not use end-certificate caching are not vulnerable.”
Added, 11:00 PM ET, January 26th, 2023.
Ted Shorter, CTO of Keyfactor, wrote to comment that the difficulty of moving to a new cryptographic algorithm can render an organization vulnerable in this way.
“This is another example of how migrating away from outdated cryptographic algorithms is hard – and that the places where algorithms need to be changed are not always obvious. The attack hinges on the use of an algorithm (MD5) which is well-known to be outdated and breakable, and in general has not been trusted for years. This is perhaps a lesson for the future as well. NIST is set to standardize a number of new cryptographic algorithms in 2024 and, once that happens, the transition to those algorithms will begin. The process will take years, but eventually the algorithms we’re using today will become insecure – as happens with all algorithms – and the migration process needs to be completed before that happens. What we’ve learned here is that the migration needs to include all the “nooks and crannies” where cryptographic algorithms are used, and not just the obvious ones – or there will be more vulnerabilities like this one popping up.”