#nsec3 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #nsec3, aggregated by home.social.
-
@rmbolger @bortzmeyer maybe, but setting things up is horribly complicated. It takes way too many steps to set up a decent domain name zone. (Only email is worse and that includes DNS tricks, too). Today as I bought a fresh name, I was scratching my head about adding DS record in an over complicated web interface only to figure out I should stop using salting, reduce the number of hashing rounds and while am I here replace the algorithm. #nsec3 #dnssec
-
Did you know your DNS security could accidentally leak your entire subdomain structure? Enter DNSSEC with NSEC/NSEC3 records, which is great for ensuring integrity and authentication but can also be a sneaky way for attackers to ‘zone walk’ and enumerate your domains...
Darrell Hall breaks it down in our latest blog post: https://www.pentestpartners.com/security-blog/dnssec-nsec-the-accidental-treasure-map-to-your-subdomains/
What's covered:
• How NSEC/NSEC3 can inadvertently expose DNS data
• The difference between zone transfers and zone walking
• How to crack NSEC3 records (and why you should care)
• Real-world examples and mitigation strategies#DNSSEC #CyberSecurity #Infosec #DNS #NSEC #NSEC3 #ZoneWalking #ThreatIntel
-
Did you know your DNS security could accidentally leak your entire subdomain structure? Enter DNSSEC with NSEC/NSEC3 records, which is great for ensuring integrity and authentication but can also be a sneaky way for attackers to ‘zone walk’ and enumerate your domains...
Darrell Hall breaks it down in our latest blog post: https://www.pentestpartners.com/security-blog/dnssec-nsec-the-accidental-treasure-map-to-your-subdomains/
What's covered:
• How NSEC/NSEC3 can inadvertently expose DNS data
• The difference between zone transfers and zone walking
• How to crack NSEC3 records (and why you should care)
• Real-world examples and mitigation strategies#DNSSEC #CyberSecurity #Infosec #DNS #NSEC #NSEC3 #ZoneWalking #ThreatIntel
-
Did you know your DNS security could accidentally leak your entire subdomain structure? Enter DNSSEC with NSEC/NSEC3 records, which is great for ensuring integrity and authentication but can also be a sneaky way for attackers to ‘zone walk’ and enumerate your domains...
Darrell Hall breaks it down in our latest blog post: https://www.pentestpartners.com/security-blog/dnssec-nsec-the-accidental-treasure-map-to-your-subdomains/
What's covered:
• How NSEC/NSEC3 can inadvertently expose DNS data
• The difference between zone transfers and zone walking
• How to crack NSEC3 records (and why you should care)
• Real-world examples and mitigation strategies#DNSSEC #CyberSecurity #Infosec #DNS #NSEC #NSEC3 #ZoneWalking #ThreatIntel
-
Great coverage by Jan Doskočil of NSEC3 hash enumeration, and cracking with hashcat. Also good info about the limits of making that harder (some resolvers cap the work factor they will resolve!)
https://infosec.exchange/@jpmens@mastodon.social/114019491327504188
Via @jpmens
-
Looks like @sans_isc picked up on an exploit for KeyTrap - I haven't tested it yet, and it is explicitly documented as being defanged, but looks legit on the surface:
https://github.com/knqyf263/CVE-2023-50387
Added to my roll-up post.
-
Looks like @sans_isc picked up on an exploit for KeyTrap - I haven't tested it yet, and it is explicitly documented as being defanged, but looks legit on the surface:
https://github.com/knqyf263/CVE-2023-50387
Added to my roll-up post.
-
Looks like @sans_isc picked up on an exploit for KeyTrap - I haven't tested it yet, and it is explicitly documented as being defanged, but looks legit on the surface:
https://github.com/knqyf263/CVE-2023-50387
Added to my roll-up post.
-
Looks like @sans_isc picked up on an exploit for KeyTrap - I haven't tested it yet, and it is explicitly documented as being defanged, but looks legit on the surface:
https://github.com/knqyf263/CVE-2023-50387
Added to my roll-up post.
-
Looks like @sans_isc picked up on an exploit for KeyTrap - I haven't tested it yet, and it is explicitly documented as being defanged, but looks legit on the surface:
https://github.com/knqyf263/CVE-2023-50387
Added to my roll-up post.
-
I have two posts about the new multi-implementation DNSSEC validation DoS vulnerabilities CVE-2023-50387 ("KeyTrap") and CVE-2023-50868 (the NSEC3 vuln):
- The big summary post (more editing - your client may notify you about each edit, which may be a feature):
https://infosec.exchange/@tychotithonus/111924626712765292
- The post you're reading (low editing, minimal noise, but you might want to check the big post occasionally for updates).
#keytrap #nsec3 #CVE202350387 #CVE202350868 #CVE_2023_50387 #CVE_2023_50868
#dns #dnssec -
CW: New multi-implementation DNSSEC validation DoS vulnerabilities - CVE-2023-50387 ("KeyTrap"), CVE-2023-50868 (NSEC3 vuln)
(living doc, updated regularly - if you prefer a low-edit post to boost, use https://infosec.exchange/@tychotithonus/111926621712441626)
Looks like DNS-OARC coordinated fixes in advance, but no centralized analysis at first other than the announcement from the team who discovered KeyTrap:
Press release: https://www.athene-center.de/en/news/press/key-trap
Technical paper (released 2/15): https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
DNS-OARC dns-ops announcement: https://lists.dns-oarc.net/pipermail/dns-operations/2024-February/022436.html
RIPE blog post by one of the authors: https://labs.ripe.net/author/haya-shulman/keytrap-algorithmic-complexity-attacks-exploit-fundamental-design-flaw-in-dnssec/
Apparently builds on this 2019 vulnerability (h/t letoams @defcon.social):
https://
essay.utwente.nl/78777/
Details may be still partially embargoed until patching ramps up.
Analysis:
DoS of all major DNSSEC-validating DNS resolvers (servers, but also maybe local resolvers like systemd's?) at the implementation level. Exploitation described as 'trivial'. Both are CVSS 7.5. DNS is a rich ransom target - but some resolver setups don't even validate DNSSEC.
"In 2012 the vulnerability made its way into the implementation requirements for DNSSEC validation, standards RFC 6781 and RFC 6840" (per ATHENE)
Per the Unbound writeup, both vulns require query to a malicious zone (which is probably not hard to trigger, for any DNSSEC-enabled client or server).
Resolution: patch (recommended); disable DNSSEC validation (discouraged, but can buy you time / mitigate active DoS)
Fixes mitigate the exhaustion by putting caps on validation activities. These caps appear to have been missing from most implementations.
Details:
Two DNSSEC DoS CVEs:
CVE-2023-50387 ("KeyTrap"): "DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers" (CVSS 7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://seclists.org/oss-sec/2024/q1/125(KeyTrap was discovered by ATHENE - their press release here has very important detail:
https://www.athene-center.de/en/news/press/key-trap)CVE-2023-50868: "NSEC3 closest encloser proof can exhaust CPU" (CVSS 7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HMITRE links (now populated):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868Vulmon queries:
https://vulmon.com/searchpage?q=CVE-2023-50387
https://vulmon.com/searchpage?q=CVE-2023-50868VulDB:
https://vuldb.com/?id.253829Resolver status:
BIND (patched - vuln since 2000?):
https://fosstodon.org/@iscdotorg/111924416653890048
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868
https://seclists.org/oss-sec/2024/q1/125
https://www.isc.org/blogs/2024-bind-security-release/
(note: posts say "Versions prior to 9.11.37 were not assessed." but also have a range of affected versions starting at 9.0.0 - typo?)BIND tools:
dig: no validation
kdig: no validation
delv: affected, patcheddnsmasq (patched - 2.90 has fix):
https://thekelleys.org.uk/dnsmasq/CHANGELOG
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.htmlKnot (patched in 5.7.1):
https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html
(kzonecheck also affected, patched?)ldns-verify-zone:
affected per ATHENE paperOPNsense (patched):
https://forum.opnsense.org/index.php?topic=38939.msg190655#pfSense:
(Bundled Unbound: plan appears to be to make a separate package available for manual update?; BIND: optional package)
https://forum.netgate.com/topic/186145/unbound-cve-2023-50387-and-cve-2023-50868/1
https://redmine.pfsense.org/issues/15256Pi-Hole (uses dnsmasq - patch available)
https://www.patreon.com/posts/dnssec-fix-98498055
https://pi-hole.net/blog/2024/02/13/fixing-two-new-dnssec-vulnerabilities/PowerDNS (patched - all versions affected):
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
https://github.com/PowerDNS/pdns/pull/13781
https://github.com/PowerDNS/pdns/pull/13784
https://seclists.org/oss-sec/2024/q1/130Stubby:
[?]
https://github.com/getdnsapi/stubbysystemd.resolved:
[?]Ubiquiti
[?]Unbound (patched - vuln since Aug 2007):
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
https://seclists.org/oss-sec/2024/q1/126Library status:*
dnspython (GitHub patched):
affected per ATHENE paper
https://github.com/rthalley/dnspython/commit/a1a998938b7370dae41784f8bc0a841dc2addba9getdns (used by stubby - no patched release?):
affected per ATHENE paper
https://getdnsapi.net/releases/ldns (not yet patched?):
affected per ATHENE paper
https://github.com/NLnetLabs/ldnslibunbound (used by Unbound):
affected per ATHENE paper
no recent patches?
https://github.com/NLnetLabs/unbound/tree/master/libunboundCloud status:
Akamai:
https://www.akamai.com/blog/security/dns-exploit-keytrap-posed-major-internet-threatCloudflare:
https://blog.cloudflare.com/remediating-new-dnssec-resource-exhaustion-vulnerabilitiesGoogle DNS:
(stated as patched in Register and SecurityWeek articles)
[?]NextDNS (patched per forum reply):
https://help.nextdns.io/t/h7yxwc5/does-dnssec-security-hole-keytrap-cve-2023-50387-affect-nextdnsOS status:
Debian:
BIND:
https://lists.debian.org/debian-security-announce/2024/msg00028.html
pdns-recursor:
https://lists.debian.org/debian-security-announce/2024/msg00033.html
Unbound:
https://lists.debian.org/debian-security-announce/2024/msg00027.htmlFedora:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-e24211eff0FreeBSD:
https://cgit.freebsd.org/ports/commit/?id=58e048cad653819eebf91af5840e4b00f155bb1bGentoo:
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2023-50387Mageia:
https://bugs.mageia.org/show_bug.cgi?id=32846OpenBSD (unwind):
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-50387
https://access.redhat.com/security/cve/CVE-2023-50387
https://access.redhat.com/security/cve/CVE-2023-50868SUSE:
https://www.suse.com/security/cve/CVE-2023-50387.html
https://bugzilla.suse.com/show_bug.cgi?id=1219823Ubuntu:
https://ubuntu.com/security/CVE-2023-50387
https://ubuntu.com/security/CVE-2023-50868
https://ubuntu.com/security/notices/USN-6633-1Windows (Server, DNS Role):
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387Package status:
BIND:
https://repology.org/project/bind/versionsdnsmasq:
https://repology.org/project/dnsmasq/versionsUnbound:
https://repology.org/project/unbound/versionsGitHub:
https://github.com/advisories/GHSA-8459-gg55-8qjjGo (Knot module?)
https://github.com/golang/vulndb/issues/2552Non-coverage: (no mentions known yet)
AWS :
[?]Azure (Microsoft Server DNS?):
[?]Cisco Umbrella:
https://umbrella.cisco.com/blog [?]CoreDNS:
https://coredns.io/blog/ [?]Infoblox:
https://blogs.infoblox.com/ [?]Quad9 DNS:
https://www.quad9.net/news/blog/ [?]News/Press/Forums
https://pducklin.com/2024/02/18/the-scary-dns-keytrap-bug-explained-in-plain-words/
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
https://news.ycombinator.com/item?id=39372384
https://www.darkreading.com/cloud-security/keytrap-dns-bug-threatens-widespread-internet-outages
Detection/Validation:
Check to see if a server is doing DNSSEC validation (if not an open recursive resolver, you may need to query a zone the server is authoritative for):
# zone signed, server DNSSEC-enabled:
$ delv example.net @8.8.8.8
; fully validated
example.net. 4437 IN A 93.184.216.34
example.net. 4437 IN RRSIG A 13 2 86400 20240225232039 20240204162038 18113 example.net. 94G2PRXins1G9ntfklvCq2mvcgqjB0z9FqQXp77lD/wXR4J3D67ceih1 yNgsYYqlIAOoWKXUekux6Zq9aIwszQ==
# zone unsigned, server DNSSEC-enabled:
$ delv google.com @8.8.8.8
; unsigned answer
google.com. 100 IN A 142.250.69.206Tenable:
https://www.tenable.com/plugins/pipeline/issues/165587Snyk:
https://security.snyk.io/vuln/SNYK-UNMANAGED-BIND-6245755Exploits:
(multiple sources describe as "trivial")
https://github.com/knqyf263/CVE-2023-50387 (not tested)
#keytrap #nsec3 #CVE202350387 #CVE202350868 #CVE_2023_50387 #CVE_2023_50868
#dns #dnssec -
#dnspython 2.5 released
Among the changes, still no options to generate #NSEC3 signatures when using the zone signing function, but it seems it's coming : "[t]he NSEC3 class now has a next_name() method for retrieving the next name as a dns.name.Name"
https://dnspython.readthedocs.io/en/stable/whatsnew.html#id1
-
Your random #DNS and #DNSSEC facts of the day.
As of today (2023-09-24):
- 1465 TLDs in the root zone
- 1354 are signed. That's 92.4% of all TLDs
- 1311 are using NSEC3. That's 89.5% of all TLDs and 96.8% of all signed TLDs
- 644 are following RFC 9276's recommended #NSEC3 parameters. That's 43.9% of all TLDs, 47.5% of all signed TLDs and 49.1% of all signed TLDs using NSEC3 -
I’ve received on my postmaster@ address a message from some security researchers warning me of the “insecure” #DNSSEC configuration of my domain, so for the record:
My domain (incenp.org) is configured to use #NSEC, and not #NSEC3, on purpose. This is not a misconfiguration. I weighed the pros and cons of NSEC3, and decided it was just not worth it.
Yes, people could use NSEC records to enumerate all the DNS records of my zone. So what?
Usually I am not a fan (and that’s an euphemism) of the “if you have nothing to hide, you have nothing to fear” argument, but in this case, there is really nothing to hide in my DNS zone. I would happily give a list of all the records (or even the original master zone file) to anyone who asks for it.
Actually last time I checked, one of the slave DNS servers I use was even configured to allow #AXFR requests from anywhere, and I never bothered to contact the admin of that server to ask him to do anything about it. So if you want the entirety of my zone’s records, don’t waste your time mounting a NSEC enumeration attack, just ask the right server.
-
I’ve received on my postmaster@ address a message from some security researchers warning me of the “insecure” #DNSSEC configuration of my domain, so for the record:
My domain (incenp.org) is configured to use #NSEC, and not #NSEC3, on purpose. This is not a misconfiguration. I weighed the pros and cons of NSEC3, and decided it was just not worth it.
Yes, people could use NSEC records to enumerate all the DNS records of my zone. So what?
Usually I am not a fan (and that’s an euphemism) of the “if you have nothing to hide, you have nothing to fear” argument, but in this case, there is really nothing to hide in my DNS zone. I would happily give a list of all the records (or even the original master zone file) to anyone who asks for it.
Actually last time I checked, one of the slave DNS servers I use was even configured to allow #AXFR requests from anywhere, and I never bothered to contact the admin of that server to ask him to do anything about it. So if you want the entirety of my zone’s records, don’t waste your time mounting a NSEC enumeration attack, just ask the right server.
-
I’ve received on my postmaster@ address a message from some security researchers warning me of the “insecure” #DNSSEC configuration of my domain, so for the record:
My domain (incenp.org) is configured to use #NSEC, and not #NSEC3, on purpose. This is not a misconfiguration. I weighed the pros and cons of NSEC3, and decided it was just not worth it.
Yes, people could use NSEC records to enumerate all the DNS records of my zone. So what?
Usually I am not a fan (and that’s an euphemism) of the “if you have nothing to hide, you have nothing to fear” argument, but in this case, there is really nothing to hide in my DNS zone. I would happily give a list of all the records (or even the original master zone file) to anyone who asks for it.
Actually last time I checked, one of the slave DNS servers I use was even configured to allow #AXFR requests from anywhere, and I never bothered to contact the admin of that server to ask him to do anything about it. So if you want the entirety of my zone’s records, don’t waste your time mounting a NSEC enumeration attack, just ask the right server.
-
His plan was perfect... And then he realized he forgot about #NSEC3 🤦♂️
Ok, NSEC3 hash is predictable.
How about, taking a signed zone file, changing one NSEC3 record and recreate the corresponding RRSIG? 😏