Autonomous collision attack on OCSP services
This exposes critical vulnerabilities in a widely used protocol for real-time digital certificate management, posing risks to application layer security.
The paper identified two design flaws in the Online Certificate Status Protocol (OCSP) that allow malicious actors to forge signed certificate statuses and potentially certificates, compromising security in PKI environments.
The paper describes two important design flaws in Online Certificate Status Protocol (OCSP), a protocol widely used in PKI environments for managing digital certificates' credibility in real time. The flaws significantly reduce the security capabilities of the protocol, and can be exploited by a malicious third party to generate forged signed certificate statuses and, in the worst scenario, forged certificates. Description of the flaws, along with expected exploitation routes, consequences for consuming application layer protocols, and proposed countermeasures, is given.