March 16, 2017

Threat Update: HTTPS Interception Weakens TLS Security

Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers.

In a recent report, The Security Impact of HTTPS Interception highlighted several security concerns with HTTPS inspection products including:

  • Many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding client data, allowing the possibility of a MiTM attack
  • Certificate-chain verification errors are infrequently forwarded to the client, leading a client to believe that operations were performed as intended with the correct server.

Impact

Because the HTTPS inspection product manages the protocols, ciphers, and certificate chain, the product must perform the necessary HTTPS validations. Failure to perform proper validation or adequately convey the validation status increases the probability that the client will fall victim to MiTM attacks by malicious third parties.

Solution

US-CERT recommends that organizations using an HTTPS inspection product verify that their product properly validates certificate chains and passes any warnings or errors to the client. A partial list of products that may be affected is available at The Risks of SSL Inspection [1].

Organizations may use badssl.com [2] as a method of determining if their preferred HTTPS inspection product properly validates certificates and prevents connections to sites using weak cryptography.

At a minimum, if any of the tests in the Certificate section of badssl.com prevent a client with direct Internet access from connecting, those same clients should also refuse the connection when connected to the Internet by way of an HTTPS inspection product.

Herjavec Group is available to support your HTTPS product review and can provide recommendations as appropriate for the implementation of WAF technologies in front of public facing websites or web applications.

Connect with a Herjavec Group Security Specialist here.

To view the original US-CERT advisory, please click here.

Herjavec Group circulates US – CERT advisories as this notification warrants attention and may have significance to your Enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with applicable vendor partners to apply detection and mitigation strategies where appropriate. For Managed Services customers, our Managed Services team will engage with the appropriate technical contacts in your respective organizations directly to provide alerts, escalations, actions and or reports based our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or contact Herjavec Group.


 Stay Informed 

  rhsm-3  Follow us on Twitter

  rhsm-2  Connect with us on LinkedIn

 

*By selecting one of the communications above, you consent to Herjavec Group
 sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.