Cybersecurity Advisory: HTTPS Interception May Impair TLS Security

March 23, 2017

Threat Summary

The United States Computer Emergency Readiness Team (“US-CERT”) announced last week that HTTPS interception may weaken Transport Layer Security (TLS), a widely used cryptographic protocol that encrypts communication between the client and the server. This issue may prevent browsers from validating HTTPS connections, thereby increasing the probability of a man-in-the-middle (“MiTM”) attack via malware that uses HTTPS connections to malicious servers. MiTM attacks may result in the theft of sensitive information.

For US-CERT’s report, see https://www.us-cert.gov/ncas/alerts/TA17-075A.

For a list of possibly affected sites, see https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html.
 

ACA Aponix Guidance

ACA Aponix suggests following the guidelines provided by US-CERT:

  • If you use HTTPS inspection products, verify that they are performing correct TLS certificate validation and are providing warning or error messages to users.
  • To perform HTTPS inspection without client warnings, administrators must install trusted certificates on client devices. These certificates must be protected to avoid man-in-the-middle attacks.
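
One way to carry out the first check from a workstation behind the inspection product, as an added example that is not part of the original advisory or of US-CERT's alert. It assumes the public badssl.com test hosts, which deliberately serve invalid certificates, are reachable; the function names are illustrative.

```python
import socket
import ssl

# Assumption: badssl.com public test hosts, each deliberately serving a
# certificate that a correct validator must reject. Not named in the advisory.
BAD_CERT_HOSTS = {
    "expired.badssl.com": "expired certificate",
    "self-signed.badssl.com": "self-signed certificate",
    "wrong.host.badssl.com": "hostname mismatch",
    "untrusted-root.badssl.com": "untrusted root CA",
}


def probe(host, port=443, timeout=5.0):
    """Handshake using the client's own trust store; return (outcome, detail)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Issuer the client actually saw (the inspection CA if intercepted).
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "accepted", issuer.get("organizationName") or issuer.get("commonName", "?")
    except ssl.SSLCertVerificationError as exc:
        return "rejected", exc.verify_message  # client was warned: expected result
    except OSError as exc:  # DNS failure, reset, timeout, other TLS errors
        return "inconclusive", str(exc)


def audit(hosts=BAD_CERT_HOSTS, probe_fn=probe):
    """Return one finding per bad-certificate host the client accepted."""
    findings = []
    for host, defect in hosts.items():
        outcome, detail = probe_fn(host)
        if outcome == "accepted":
            findings.append({"host": host, "defect": defect, "issuer_seen": detail})
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f"REVIEW {f['host']}: {f['defect']} not surfaced; issuer seen: {f['issuer_seen']}")
```

A finding means the client received a trusted certificate for a host whose real certificate is invalid. Open that host in a browser to confirm whether the product served its own error page or relayed the site's content.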

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.