Vigil@nce - Ruby: accepting Wildcard IDN
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a Wildcard IDN certificate, which is
accepted by Ruby, in order to perform a Man-in-the-Middle.
Impacted products: Fedora, Unix (platform)
Severity: 1/4
Creation date: 14/04/2015
DESCRIPTION OF THE VULNERABILITY
An IDN (Internationalized Domain Name) contains Unicode characters
encoded as an ASCII A-label: the prefix "xn--" followed by the Punycode
form of the label. For example:
www.xn--kcry6tjko.example.org
An X.509 certificate name can contain the '*' (wildcard) character in
its left-most label, so that one certificate covers several hosts of
the same domain. For example:
w*.example.org
RFC 6125 (section 6.4.3) states that a client should not match a
wildcard embedded within an A-label or U-label of an internationalized
domain name. For example:
xn--kcry6tjko*.example.org
However, Ruby's hostname verification matches such names. The wildcard
then matches part of the Punycode encoding, so the certificate covers
Unicode names unrelated to the one the label decodes to.
An attacker who obtains a Wildcard IDN certificate of this kind, which
is accepted by Ruby, can therefore perform a Man-in-the-Middle attack.
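The following Ruby code is an added example; it is not Ruby's own
verification code nor part of the Vigil@nce bulletin. It places a
lenient matcher, which turns every '*' into "one or more non-dot
characters" and so accepts the embedded wildcard described above, next
to a strict matcher that applies the RFC 6125 section 6.4.3 rules
(wildcard only in the left-most label, matching exactly one label, never
inside an A-label). Function names and the sample names are constructed
for the illustration.

```ruby
# Added example: lenient wildcard matching versus RFC 6125 section 6.4.3.
# Neither function is Ruby's own implementation; both are illustrative.

# Lenient matcher: every '*' in the presented identifier becomes "[^.]+".
# It happily matches a wildcard buried inside an A-label.
def lenient_match?(presented, hostname)
  pattern = Regexp.escape(presented.downcase).gsub('\*', '[^.]+')
  /\A#{pattern}\z/.match?(hostname.downcase)
end

# Strict matcher following RFC 6125 section 6.4.3:
#   1. the wildcard may only appear in the left-most label,
#   2. a wildcard label matches exactly one label, never several,
#   3. no wildcard inside an A-label ("xn--...") or a U-label (non-ASCII).
def rfc6125_match?(presented, hostname)
  # dNSName is an IA5String; a non-ASCII (U-label) identifier is not valid here.
  return false unless presented.ascii_only? && hostname.ascii_only?

  san_labels  = presented.downcase.split('.')
  host_labels = hostname.downcase.split('.')

  # A single-label name gets no wildcard treatment at all.
  return presented.downcase == hostname.downcase if san_labels.size < 2
  # Rule 2: same label count, so "*.example.org" never matches a.b.example.org.
  return false unless san_labels.size == host_labels.size
  # Rule 1: only the left-most label may carry '*'.
  return false if san_labels.drop(1).any? { |label| label.include?('*') }

  left_san, *rest_san   = san_labels
  left_host, *rest_host = host_labels
  return false unless rest_san == rest_host

  wildcard_label_match?(left_san, left_host)
end

# Match one left-most label; '*' must stand for at least one character.
def wildcard_label_match?(san_label, host_label)
  parts = san_label.split('*', -1)
  return san_label == host_label if parts.size == 1   # no wildcard at all
  return false if parts.size > 2                       # more than one '*'

  # Rule 3: refuse a wildcard embedded in an A-label. A bare "*" is a whole
  # label, not embedded, so "*.example.org" may still cover an IDN host label.
  return false if san_label.start_with?('xn--')
  return false if host_label.start_with?('xn--') && san_label != '*'

  prefix, suffix = parts
  host_label.length > prefix.length + suffix.length &&
    host_label.start_with?(prefix) && host_label.end_with?(suffix)
end

# Constructed sample pairs (presented identifier, reference hostname).
SAMPLES = [
  ['w*.example.org',             'www.example.org'],
  ['xn--kcry6tjko*.example.org', 'xn--kcry6tjkoabc.example.org'],
  ['*.example.org',              'a.b.example.org'],
  ['bar.*.example.org',          'bar.foo.example.org'],
].freeze

SAMPLES.each do |presented, hostname|
  puts format('%-28s %-30s lenient=%-5s rfc6125=%s',
              presented, hostname,
              lenient_match?(presented, hostname),
              rfc6125_match?(presented, hostname))
end
```

Only the second sample differs between the two matchers: the lenient
pattern lets the wildcard eat the tail of the Punycode label, while the
strict check rejects any wildcard label that starts with "xn--".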
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Ruby-accepting-Wildcard-IDN-16594