GoDaddy: Random Value Vulnerability in Domain Validation

Status

RESOLVED FIXED
7 months ago
3 months ago

People

(Reporter: wayne, Assigned: dreynolds)

Details

(Whiteboard: [ca-compliance])

(Reporter)

Description

7 months ago
Daymion Reynolds posted the message below to the mozilla.dev.security.policy forum on 17-August.

Please provide an incident report, as described here:
https://wiki.mozilla.org/CA/Responding_To_A_Misissuance#Incident_Report
The incident report should be posted to the mozilla.dev.security.policy forum and added to this bug.

Revoke Disclosure

GoDaddy has been proactively performing self-audits. As part of this process, we identified a vulnerability in our code that would allow our validation controls to be bypassed. This bug would allow a Random Value that was generated for intended use with Methods 3.2.2.4.6 and 3.2.2.4.7 to be validated using Method 3.2.2.4.2 by persons who were not confirmed as the domain contact. This bug was introduced November 2014 and was leveraged to issue a total of 865 certificates. The bug was closed hours after identification, and in parallel we started the scope and revocation activities.

In accordance with CA/B Forum BR section 4.9.1.1, all mis-issued certificates were revoked within 24 hours of identification.

A timeline of the events for revocation is as follows:

8/13 9:30am – Exploit issue surfaced as possible revocation event.
8/13 9:30am-4pm – Issue scope identification (at this point it was unknown), gathering certificate list.
8/13 4pm – Certificate list finalized for revocation, 825 certs in total; revoke notification sent to cert owners.
8/14 1:30pm – All certificates revoked.

Further research identified 40 certificates which contained re-use of suspect validation information.
8/15 2pm – Additional certificates identified due to re-use.
8/15 2:30pm – Customers notified of pending revoke.
8/16 12:30pm – All certificates revoked.

We stand ready to answer any questions or concerns.
Daymion

Certificate list which can be found in CRT.sh:

Domain,CRT.sh link
www.makancoaching.co.uk,https://crt.sh/?id=486518293
www.superguttervac.co.uk,https://crt.sh/?id=484345622
www.aloftimaging.co.uk,https://crt.sh/?id=486443992
www.inverroycrisismanagement.com,https://crt.sh/?id=505471354
*.lumeter.co.uk,https://crt.sh/?id=575952063
theredstartprimaryschool.co.uk,https://crt.sh/?id=448982417
www.glscoatings.co.uk,https://crt.sh/?id=471607541
www.thelittlecakekitchen.co.uk,https://crt.sh/?id=622887520
bri-lyncsbs1.corp.uxc.com.au,https://crt.sh/?id=445612142
mel-lyncsbs1.corp.uxc.com.au,https://crt.sh/?id=445611906
syd-lyncsbs1.corp.uxc.com.au,https://crt.sh/?id=445589055
www.photislight.co.uk,https://crt.sh/?id=627260711
sportsandplayconsulting.co.uk,https://crt.sh/?id=432887146
*.mca.uk.net,https://crt.sh/?id=476788955
www.underdogcoffee.co.uk,https://crt.sh/?id=445809844
www.kiyoraspa.co.uk,https://crt.sh/?id=448128056
www.kinesisclinic.co.uk,https://crt.sh/?id=444013056
www.homegenies.co.uk,https://crt.sh/?id=490198693
activemountaineering.co.uk,https://crt.sh/?id=452604481
www.brightonshellfish.co.uk,https://crt.sh/?id=484311113
www.electroquip.co.uk,https://crt.sh/?id=454680891
www.melbournederbyshire.co.uk,https://crt.sh/?id=459144464
iih.org.uk,https://crt.sh/?id=452613519
*.growhub.co.uk,https://crt.sh/?id=445804391
www.weaversguesthouse.co.uk,https://crt.sh/?id=516764585
*.ctc-solutions.co.uk,https://crt.sh/?id=508837605
thothmail.saqqara.co.uk,https://crt.sh/?id=627917932
www.ringwoodhallhotel.com,https://crt.sh/?id=456471228
remote.yachtingpages.com,https://crt.sh/?id=453013515
www.waynesecigsupplies.co.uk,https://crt.sh/?id=484348665
www.thoth.saqqara.co.uk,https://crt.sh/?id=477514633
remote.mara.uk.com,https://crt.sh/?id=491400207
www.needfulthings.uk.com,https://crt.sh/?id=458812648
www.sensoryapphouse.com,https://crt.sh/?id=460684499
www.youcanbecome.co.uk,https://crt.sh/?id=486521955
*.speechbuilder.co.uk,https://crt.sh/?id=465020837
www.somerville-house.co.uk,https://crt.sh/?id=513011072
www.cameoclassics.co.uk,https://crt.sh/?id=627503851
praxis-godesberger-allee.de,https://crt.sh/?id=491408016
www.hydra-te.co.uk,https://crt.sh/?id=505470107
*.mca.uk.net,https://crt.sh/?id=476788955
*.mhsserver5.com,https://crt.sh/?id=575963842
www.dormagen-anwalt.de,https://crt.sh/?id=487910728
rosenbaumgruppe.eu,https://crt.sh/?id=484075777
remote.micheloud.net,https://crt.sh/?id=491387626
webmail.janssensmarket.com,https://crt.sh/?id=527896643
www.collegeinabox.co.uk,https://crt.sh/?id=500425581
www.lepetitcapelier.com,https://crt.sh/?id=497736247
www.total-michel.com,https://crt.sh/?id=486035156
www.thetoolbox.uk.com,https://crt.sh/?id=486038438
www.theinformer.org.uk,https://crt.sh/?id=488179681
outlook.comprovide.de,https://crt.sh/?id=575914237
www.vellastar.com,https://crt.sh/?id=493898204
mail.iarg.com.au,https://crt.sh/?id=501369255
www.iplacenotes.com,https://crt.sh/?id=487635287
isiportalorders.com,https://crt.sh/?id=496718880
www.ostsee-grundbesitz.de,https://crt.sh/?id=518520334
invia-koeln.de,https://crt.sh/?id=489938629
www.nikkihalliwell.com,https://crt.sh/?id=510581809
www.mckennaxmedia.co.uk,https://crt.sh/?id=513220692
www.indigoplumbingandheating.co.uk,https://crt.sh/?id=553607579
essentialtwenty.co.uk,https://crt.sh/?id=488171957
www.topthornarena.co.uk,https://crt.sh/?id=497039944
www.marstallwache.de,https://crt.sh/?id=512736683
www.feuerwehr-heinrichsheim.de,https://crt.sh/?id=551287541
kaizenlaw.co.uk,https://crt.sh/?id=492950320
www.sumgyeojingem.com,https://crt.sh/?id=494615543
www.jmac.uk.com,https://crt.sh/?id=627421796
www.thewateringhole.bar,https://crt.sh/?id=606515818
www.ianhudson.net,https://crt.sh/?id=645899632
*.art2day.co.uk,https://crt.sh/?id=494887434
remote.schabos.de,https://crt.sh/?id=527914651
jimrailton.com,https://crt.sh/?id=497728128
www.viaherbal.uk.com,https://crt.sh/?id=626816368
mail.fruvital.de,https://crt.sh/?id=527932156
mail.quadrax.com,https://crt.sh/?id=527898461
*.gleeson-homes.co.uk,https://crt.sh/?id=551770424
lillilondoncleaning.co.uk,https://crt.sh/?id=518843419
calendarcolumbusga.com,https://crt.sh/?id=515938374
visitcolumbusga.com,https://crt.sh/?id=515940898
familyguidancecenter.org,https://crt.sh/?id=525175743
www.fileybeach.co.uk,https://crt.sh/?id=516761056
www.locksmith-basildon.co.uk,https://crt.sh/?id=506689410
www.mncrs.co.uk,https://crt.sh/?id=527899152
www.medserveltd.com,https://crt.sh/?id=524569563
www.polishwithpatrycja.co.uk,https://crt.sh/?id=513016946
giftcirkul.com,https://crt.sh/?id=510267354
*.imfs.co.com,https://crt.sh/?id=533722181
mckessonbuyersuniversity.ceimpact.com,https://crt.sh/?id=608331921
www.eahl.eu,https://crt.sh/?id=514571526
www.youcansell.co.uk,https://crt.sh/?id=529858360
www.residenzen-heiligendamm.de,https://crt.sh/?id=597111801
www.jakhire.com,https://crt.sh/?id=513062389
mykologie-koeln.de,https://crt.sh/?id=509389792
www.findgym.co.uk,https://crt.sh/?id=518842814
www.caddie-express.co.uk,https://crt.sh/?id=576068567
*.hummersknott.org.uk,https://crt.sh/?id=610718875
www.backhealthexpert.com,https://crt.sh/?id=535773480
www.a-webster.co.uk,https://crt.sh/?id=606885987
ovadraft.com,https://crt.sh/?id=554350487
www.bicoolsolutions.co.uk,https://crt.sh/?id=525295841
www.stangenberg-residenzen.de,https://crt.sh/?id=511678790
www.yourproduct.co.uk,https://crt.sh/?id=544449542
davisandcopeland.com,https://crt.sh/?id=517939638
www.kifkim.co.uk,https://crt.sh/?id=534849037
mailgate.technicool.uk.com,https://crt.sh/?id=575968558
www.smithsfamilylawyer.co.uk,https://crt.sh/?id=541285213
www.cesgb.com,https://crt.sh/?id=525764837
www.signingtreevenue.org.uk,https://crt.sh/?id=632241456
sportsmark.co.uk,https://crt.sh/?id=563328238
www.fscdash.co.uk,https://crt.sh/?id=606796378
www.dowellwebtools.com,https://crt.sh/?id=537746445
www.huntandnash.co.uk,https://crt.sh/?id=545455209
www.cookyourlife.co.uk,https://crt.sh/?id=551714450
autodiscover.norvap.com,https://crt.sh/?id=536781943
mailserver.bauenundleben.com,https://crt.sh/?id=606658943
www.raehowells.co.uk,https://crt.sh/?id=542311384
www.unlock-emea.com,https://crt.sh/?id=546130587
www.abdcct.co.uk,https://crt.sh/?id=580584050
*.owb.uk.com,https://crt.sh/?id=546126720
www.vinemedicalgroup.co.uk,https://crt.sh/?id=578595412
www.loewerewards.com,https://crt.sh/?id=539900586
www.hemphorizon.co.uk,https://crt.sh/?id=566913867
server.hearnden-daughters.co.uk,https://crt.sh/?id=589408081
kinetech.online,https://crt.sh/?id=551668668
coralancloud.autoentrysystems.ie,https://crt.sh/?id=551449603
www.regainhearing.co.uk,https://crt.sh/?id=553620016
*.lakesideclassics.uk.com,https://crt.sh/?id=542259347
*.vygon.co.uk,https://crt.sh/?id=575911226
exchange.caad-valais.ch,https://crt.sh/?id=575969521
www.audreypaterson.com,https://crt.sh/?id=565084759
www.garages-direct.co.uk,https://crt.sh/?id=558082255
access.ifahotelsresorts.com,https://crt.sh/?id=575896651
www.acrobatmarketingsolutions.uk.com,https://crt.sh/?id=579999653
mail.kenwayengineering.com,https://crt.sh/?id=576003106
www.hostile-environment-training.com,https://crt.sh/?id=606496635
www.greenconstructionboard.org,https://crt.sh/?id=597886475
*.sollis.thirdparty.nhs.uk,https://crt.sh/?id=574088810
www.agaia.co.uk,https://crt.sh/?id=566993463
www.letsgopeakdistrict.co.uk,https://crt.sh/?id=567020929
www.wealth-training-company.com,https://crt.sh/?id=568722108
www.richardcoandesign.co.uk,https://crt.sh/?id=569489355
www.goldiemag.co.uk,https://crt.sh/?id=576028996
wearewaxon.co.uk,https://crt.sh/?id=575540419
demo.aktuarlife.com,https://crt.sh/?id=606684860
ucr.uk.com,https://crt.sh/?id=601431128
www.pskweb.co.uk,https://crt.sh/?id=580142612
webstercity.com,https://crt.sh/?id=568724202
www.happydecluttering.co.uk,https://crt.sh/?id=628476600
www.timeandspace-interior.co.uk,https://crt.sh/?id=628380918
www.nfts.airbus.com,https://crt.sh/?id=600497151
www.decadencesalon.co.uk,https://crt.sh/?id=622803684
www.thelowerbuck.com,https://crt.sh/?id=622803684
www.everestlawsolicitors.co.uk,https://crt.sh/?id=574178470
www.dailyimpact.org.uk,https://crt.sh/?id=586284992
canomod.com,https://crt.sh/?id=584392045
www.cpfuelinjection.co.uk,https://crt.sh/?id=606277595
oakworthfp.co.uk,https://crt.sh/?id=626712902
www.mahanteshkaroshi.co.uk,https://crt.sh/?id=629036757
*.bluecoatbeechdale.uk.com,https://crt.sh/?id=593051280
*.bluecoat.uk.com,https://crt.sh/?id=604819286
bigrockresort.com,https://crt.sh/?id=599393621
www.kcandles.co.uk,https://crt.sh/?id=627919030
www.belisamacandles.wales,https://crt.sh/?id=593194811
www.csfn-aicsf.com,https://crt.sh/?id=601372657
www.leosharpphotography.co.uk,https://crt.sh/?id=624384194
www.jessicaandspencer.co.uk,https://crt.sh/?id=624376331
www.igers.co.uk,https://crt.sh/?id=616872706
www.epecltd.co.uk,https://crt.sh/?id=604006004
vps13450994.123-vps.co.uk,https://crt.sh/?id=596916855
www.amandaharvey.co.uk,https://crt.sh/?id=607353644
*.bedford.ac.uk,https://crt.sh/?id=630960362
www.cityoflondongroup.com,https://crt.sh/?id=620024976
www.cimdisplay.co.uk,https://crt.sh/?id=626787486
www.chrisleephoto.com,https://crt.sh/?id=605060986
www.taketheexit.co.uk,https://crt.sh/?id=643661059
www.dexr.uk,https://crt.sh/?id=607688575
www.barrelhunter.co.uk,https://crt.sh/?id=646454965
www.blowthedustoff.co.uk,https://crt.sh/?id=611578363
www.abeckford.co.uk,https://crt.sh/?id=640146925
www.tradecolourprinting.co.uk,https://crt.sh/?id=643665069
www.tuspec.co.uk,https://crt.sh/?id=610289059
www.thomasridgemagicwords.com,https://crt.sh/?id=616555156
www.beadandwoolshop.co.uk,https://crt.sh/?id=624580916
www.thestoveandfireplace.co.uk,https://crt.sh/?id=616426949
www.fgfgas.com,https://crt.sh/?id=614501135
www.iphoneflick.com,https://crt.sh/?id=616794973
www.av-ksk-laftbw.de,https://crt.sh/?id=607254582
www.laftbw.de,https://crt.sh/?id=607262105
www.bossbabies.co.uk,https://crt.sh/?id=617876439
www.fintechparitypledge.org,https://crt.sh/?id=618164204
www.theyoganidra.co.uk,https://crt.sh/?id=619145529
*.handisos.co.uk,https://crt.sh/?id=619716575
www.gsm-1.com,https://crt.sh/?id=619787541
onlinedrivinglicense.info,https://crt.sh/?id=626907508
*.nectere.co.uk,https://crt.sh/?id=619647144
remote.mssl.uk.com,https://crt.sh/?id=631020143
www.wearewaxon.com,https://crt.sh/?id=626695933
hydro-fuel.co.uk,https://crt.sh/?id=637700747
remote.compass101.com,https://crt.sh/?id=626843262
step-koeln.de,https://crt.sh/?id=621998916
acedges4b.7p-group.com,https://crt.sh/?id=621398283
www.monkeyinvoice.com,https://crt.sh/?id=629691891
www.p-m-a.co.uk,https://crt.sh/?id=628464565
ams-hoa.com,https://crt.sh/?id=628503998
www.hattonandharding.com,https://crt.sh/?id=637151607
www.yorkshirehairreplacementclinic.co.uk,https://crt.sh/?id=637598060
desktop.ems-uk.org,https://crt.sh/?id=631958613
www.smhlawspokane.com,https://crt.sh/?id=629826360
www.ajp-bathrooms.co.uk,https://crt.sh/?id=637022912
www.obanmusicsociety.org,https://crt.sh/?id=632031473
www.leadingonpurpose.org.uk,https://crt.sh/?id=635562407
*.auditapp.uk.com,https://crt.sh/?id=637777853
www.boffox.com,https://crt.sh/?id=635578691
www.plasticsuk.com,https://crt.sh/?id=636149017
owa.haeuserkg.de,https://crt.sh/?id=636202281
www.primal40.com,https://crt.sh/?id=637647770
www.belvedere-wittenbeck.de,https://crt.sh/?id=637667965
cloud-celeris.cl,https://crt.sh/?id=637870733
www.floormasteryorkshire.co.uk,https://crt.sh/?id=638216021
(Assignee)

Comment 1

7 months ago
1.How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.
      A.GoDaddy has been proactively performing self-audits.

2.A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.
      A. A timeline of the events for revocation is as follows:

         8/13 9:30am – Exploit issue surfaced as possible revocation event.
         8/13 9:30am-4pm – Issue scope identification (at this point it was unknown), gathering certificate list.
         8/13 4pm – Certificate list finalized for revocation, 825 certs in total; revoke notification sent to cert owners.
         8/14 1:30pm – All certificates revoked.

         Further research identified 40 certificates which contained re-use of suspect validation information.
         8/15 2pm – Additional certificates identified due to re-use.
         8/15 2:30pm – Customers notified of pending revoke.
         8/16 12:30pm – All certificates revoked.

3.Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.
      A. The bug was closed hours after identification. 

4.A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.
      A. One issue, 865 certificates.

5.The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.
      A. See earlier in the bug, whereby all the certs in crt.sh were linked.

6.Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.
      A. This bug was introduced November 2014. It was due to an oversight, as token type was not being verified in one method.

7.List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.
      A. The defect was closed within hours of discovery. 
      B. We have been proactively reviewing our code base for defects, which could lead to validation issues. This is an example of us proactively preventing future occurrences.

Comment 2

7 months ago
Daymion,

As you've reported this issue resolved, I'm hoping you can shed more details about the nature of the defect. I'm having trouble understanding how the scenario would work and the problem manifest. For CAs that support these multiple methods, having greater details can help spark thought for their own systems, as well as help the Forum and community at large provide better guidance around the methods.

If I can speculate, it sounds like arbitrary Applicants could generate Random Values for .6/.7 methods. In order to issue a certificate, they would need to demonstrate positive control over the appropriate systems (the website or DNS). For example, john@evil.attacker.com could create such a request - but would be stuck pending verification. However, something about GoDaddy's system would allow john@evil.attacker.com to construct (predict?) a confirming response used for .2. Despite the Random Value not having been delivered via .2, and despite the fact that john@evil.attacker.com was not the Domain Contact, this would cause a state transition from "pending verification" to "verified". Can you share more details, including whether or not that's a correct understanding?

From your timeline, you mentioned "Further research identified". I'm hoping you would be able to speak more to your incident management process here, as this can hopefully provide a better template for other CAs that find themselves in similar situations, and can hopefully reduce the gaps in timeframes (between 8/13 4PM and 8/15 2pm)
Flags: needinfo?(dreynolds)

Comment 3

6 months ago
Any updates?
(Assignee)

Comment 4

5 months ago
Sorry for the late reply, as this email notification for this defect was being caught by the spam filter. 

The scenario described would not have been possible as part of the vulnerability that was discovered.  It was not, and remains impossible, for an attacker to use a self-generated Random Value to verify a certificate in any way.  

Our system generates one Random Value for .6/.7 methods and a different Random Value for the .2 method. The Random Value for .2 was only ever emailed to the Domain Contact. Effectively the Random Values generated for .6/.7 could have been used under special circumstances for .2.

The initial data pull did not include certificates that had been issued as a result of re-use of this particular validation information. We have updated our incident management process to include this use case for any potential future incident.

Hope this clarifies things.
Flags: needinfo?(dreynolds)
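The two mechanics the thread settles on are (a) a Random Value generated for 3.2.2.4.6/.7, which the applicant necessarily holds because they are the one who has to publish it on the website or in DNS, being accepted by the 3.2.2.4.2 confirmation step because "token type was not being verified in one method" (Comment 1, item 6; Comment 4), and (b) the first scoping pull missing certificates that were issued by re-using the tainted validation record (Comment 4). The model below is an added illustration written for this page, not GoDaddy's code, and nothing in the bug describes GoDaddy's actual data model or fix: the `ValidationSystem` class, the token and validation records, the crt.sh-style IDs, the request IDs, and the particular hardening shown in `confirm_email_fixed` (bind the value to the method it was generated for and consume it) are all assumptions. It also shows the check a CA would run to find the affected validation records directly, and why scoping by validation record rather than by request catches the re-use certificates.

```python
"""Constructed model of a validation-token type confusion and of
revocation scoping with validation re-use. Not GoDaddy's code: every
class, field, ID and sample record here is an assumption."""
import secrets
from dataclasses import dataclass

# BR 3.2.2.4 methods named in the bug.
EMAIL_TO_DOMAIN_CONTACT = "3.2.2.4.2"   # value e-mailed only to the domain contact
WEBSITE_CHANGE = "3.2.2.4.6"            # value given to the applicant to publish on the site
DNS_CHANGE = "3.2.2.4.7"                # value given to the applicant to publish in DNS


@dataclass(frozen=True)
class RandomValue:
    value: str
    domain: str
    method: str       # method the value was generated for
    request_id: str


@dataclass(frozen=True)
class IssuedCert:
    crtsh_id: int       # stands in for the crt.sh ID of the logged cert
    domain: str
    request_id: str     # request that triggered issuance
    validation_id: str  # validation record relied on; later requests may re-use it


class ValidationSystem:
    def __init__(self):
        self._tokens = {}        # Random Values keyed by value only (the assumed weak point)
        self.validations = {}    # validation_id -> record of what was confirmed and how
        self.issued = []         # issuance log

    def issue_random_value(self, domain, method, request_id):
        rv = RandomValue(secrets.token_urlsafe(16), domain, method, request_id)
        self._tokens[rv.value] = rv
        return rv

    def _record_validation(self, rv, method_used):
        vid = f"val-{len(self.validations) + 1}"
        self.validations[vid] = {"domain": rv.domain, "method_used": method_used,
                                 "token_method": rv.method}
        return vid

    def confirm_email_vulnerable(self, domain, presented_value):
        """The .2 step as the bug describes it: the value is matched to the
        domain, but which method it was generated for is never checked."""
        rv = self._tokens.get(presented_value)
        if rv is None or rv.domain != domain:
            return None
        return self._record_validation(rv, EMAIL_TO_DOMAIN_CONTACT)

    def confirm_email_fixed(self, domain, presented_value):
        """One plausible fix (assumed, not GoDaddy's): accept only a value
        generated for .2, and consume it so it cannot be replayed elsewhere."""
        rv = self._tokens.get(presented_value)
        if rv is None or rv.domain != domain or rv.method != EMAIL_TO_DOMAIN_CONTACT:
            return None
        del self._tokens[presented_value]
        return self._record_validation(rv, EMAIL_TO_DOMAIN_CONTACT)

    def issue_cert(self, crtsh_id, domain, request_id, validation_id):
        self.issued.append(IssuedCert(crtsh_id, domain, request_id, validation_id))

    # --- incident scoping --------------------------------------------------
    def tainted_validations(self):
        """Records whose confirming token was generated for a method other
        than the one recorded: exactly the records the bug could produce."""
        return {vid for vid, r in self.validations.items()
                if r["method_used"] != r["token_method"]}

    def scope_by_request(self, tainted_requests):
        """The first data pull in the timeline: certs issued from the exploited
        requests themselves. Misses certs that re-used the validation record."""
        return sorted(c.crtsh_id for c in self.issued if c.request_id in tainted_requests)

    def scope_by_validation(self):
        """The corrected pull: every cert that relied on a tainted record,
        whether from the original request or through re-use."""
        bad = self.tainted_validations()
        return sorted(c.crtsh_id for c in self.issued if c.validation_id in bad)


def build_scenario():
    """Constructed history: req-40 obtains a .6 value for example.test, never
    publishes it, and presents it to the .2 step; req-41/req-42 re-use that
    validation record; req-43 is an unrelated, correctly validated issuance."""
    ca = ValidationSystem()
    website_value = ca.issue_random_value("example.test", WEBSITE_CHANGE, "req-40")
    ca.issue_random_value("example.test", EMAIL_TO_DOMAIN_CONTACT, "req-40")  # contact only
    bad_vid = ca.confirm_email_vulnerable("example.test", website_value.value)  # accepted
    ca.issue_cert(1001, "example.test", "req-40", bad_vid)
    ca.issue_cert(1002, "example.test", "req-41", bad_vid)   # re-use
    ca.issue_cert(1003, "example.test", "req-42", bad_vid)   # re-use
    email_value = ca.issue_random_value("other.test", EMAIL_TO_DOMAIN_CONTACT, "req-43")
    good_vid = ca.confirm_email_vulnerable("other.test", email_value.value)  # legitimate .2 use
    ca.issue_cert(1004, "other.test", "req-43", good_vid)
    return ca


def fix_rejects_cross_method_value():
    """With the method bound, the .6 value is refused and only the .2 value confirms."""
    ca = ValidationSystem()
    website_value = ca.issue_random_value("example.test", WEBSITE_CHANGE, "req-1")
    email_value = ca.issue_random_value("example.test", EMAIL_TO_DOMAIN_CONTACT, "req-1")
    return (ca.confirm_email_fixed("example.test", website_value.value),
            ca.confirm_email_fixed("example.test", email_value.value))
```

In the constructed scenario `scope_by_request({"req-40"})` returns only cert 1001, while `scope_by_validation()` returns 1001, 1002 and 1003; the gap is the same shape as the 40 re-use certificates found two days after the first 825. The `tainted_validations` query is the check to run first, since it finds every record the bug could have produced without needing to know which requests were abused.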
(Reporter)

Updated

3 months ago
Status: NEW → RESOLVED
Last Resolved: 3 months ago
Resolution: --- → FIXED