

Detectify
Today’s update brings you 21 new security modules that test your site for a range of vulnerabilities, including more WordPress vulnerabilities and ROCA (vulnerable RSA key generation).
If your key is affected by ROCA, an attacker can generate a valid private key based only on your certificate. This in turn lets them do anything one can do with your private key, including encrypting traffic, decrypting traffic and impersonating your website.
The vulnerability comes from a software library used in cryptography hardware made by Infineon Technologies AG. The hardware has been used by several vendors for anything from TLS/HTTPS certificates to PGP and smart cards.
Anyone with an HTTPS certificate could potentially be vulnerable if they’re not sure how the keys were generated or if the keys were not generated in an environment they control. In practice, relatively few HTTPS certificates were generated with Infineon hardware, so most people should not actually be vulnerable.
While scanning, Detectify fingerprints your public key. If ROCA is one of your findings, we recommend you contact your certificate issuer for details. The affected certificates need to be revoked and replaced with new ones that do not have this vulnerability. It’s very important that the old certificates are revoked, or they could still be used by an attacker to impersonate your website.
More details about CVE-2017-15361
How to test keys not connected to Detectify: Upload the public key to https://keychest.net/roca or https://keytester.cryptosense.com to test your key.
Can I test PGP keys? Yes: Send a signed email to roca[at]keychest.net to obtain an automatic email response with the analysis of the signing key vulnerability.
Note that all of these are third-party services unrelated to Detectify.
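The public-key fingerprint can also be checked locally. The following is an added example, not Detectify's scanner code: it applies the test from the published ROCA research, in which an affected modulus reduced modulo each small prime always lands in the subgroup generated by 65537. The function names and both sample moduli are constructed for illustration, and the "weak" sample only mimics the key structure and is not a real key.

```python
"""ROCA (CVE-2017-15361) fingerprint check for an RSA modulus (added example)."""

E = 65537  # generator of the subgroup in the published ROCA key structure

def small_primes(limit):
    """Odd primes up to and including limit (simple sieve)."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytearray(len(range(i * i, limit + 1, i)))
    return [p for p in range(3, limit + 1) if sieve[p]]

PRIMES = small_primes(167)  # odd primes of the smallest primorial M in the ROCA paper

def subgroup(p):
    """All powers of 65537 modulo the prime p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * E % p
    return seen

SUBGROUPS = {p: subgroup(p) for p in PRIMES}

def parse_modulus(text):
    """Accept 'Modulus=ABCD...' (openssl x509 -noout -modulus) or bare hex."""
    return int(text.strip().split("=")[-1], 16)

def has_roca_fingerprint(n):
    """True if n mod p is a power of 65537 for every small prime p."""
    return all(n % p in SUBGROUPS[p] for p in PRIMES)

def constructed_samples():
    """Two constructed moduli: one with the ROCA structure, one without."""
    m = 2
    for p in PRIMES:
        m *= p
    # Factors of the form k*M + (65537^a mod M); not prime-checked, not a real key.
    weak = (3 * m + pow(E, 1234, m)) * (5 * m + pow(E, 5678, m))
    clean = (2**127 - 1) * (2**61 - 1)  # product of two Mersenne primes
    return weak, clean

if __name__ == "__main__":
    for name, n in zip(("weak", "clean"), constructed_samples()):
        print(name, n.bit_length(), "bits, fingerprint:", has_roca_fingerprint(n))
```

To check a real certificate, pass the line printed by `openssl x509 -in cert.pem -noout -modulus` (with `cert.pem` standing in for your own file) to `parse_modulus` and then to `has_roca_fingerprint`.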
