Marcus Brinkmann presented the Application Layer Protocol Confusion-Analyzing and Mitigating Cracks in TLS Authentication (ALPACA) attack at Black Hat USA 2021 and USENIX Security Symposium 2021 supported by the ALPACA research paper.

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using wildcard certificates or multi-domain TLS certificates. Man-in-the-Middle (MitM) attackers could redirect traffic from one subdomain to another, which would result in a valid TLS session. The result is the authentication of TLS is broken and cross-protocol attacks are possible. Marcus Brinkmann states, “The basic principle is that an attacker can redirect traffic intended for one service to another, because TLS does not protect the IP address or port number.”

The generic attack would require a MitM attacker to intercept and divert traffic at the TCP/IP layer. If an application server is run such as FTP or email on non-standard ports that are not blocked by browsers, then they may be vulnerable to the web attacker variant of ALPACA attack.

There are three possible ways for an attacker to use cross-protocol attacks against web servers exploiting vulnerable FTP or email servers:

  • Upload Attack – attacker exfiltrates authentication cookies or other private data
  • Download Attack – attacker executes a stored cross-site scripting (XSS) attack
  • Reflection Attack – attacker executes a reflected XSS in the context of the victim website

The National Security Agency (NSA) is concerned about poorly scoped wildcard TLS certificates and the ALPACA attack and provides the Cybersecurity Information Sheet, “Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique.”

NSA recommends the following to mitigate the ALPACA attack:

  • Understand the use and scope of each wildcard and multi-domain TLS certificate
  • Deploy an application gateway or web application firewall in front of servers, including non-HTTP servers
  • Use encrypted DNS and validating DNS security extensions to prevent DNS redirection
  • Enable Application-Layer Protocol Negotiation (APLN), a TLS extension that allows the server/application to specify permitted protocols where possible; see strict verification of ALPN and SNI
  • Ensure use of web browsers at the latest version with current updates

Entrust also has been concerned with wildcard and multi-domain TLS certificates and has provided a white paper on Private-Key Duplication – The safe use of wildcard and multi-server certificates. It is recommended wildcard and multi-domain TLS certificates not be used unless safeguards are implemented to mitigate the case of key compromise.

Please review how your wildcard and multi-domain TLS certificates are used, protect your private key, follow NSA recommendations, and mitigate the ALPACA attack.