KAIST-IS521/2019-Spring

How can we profit from others' certificates?

Closed this issue · 10 comments

dohki commented

What is backdoor?

In this activity, a backdoor should allow an arbitrary user to get the certificate of an arbitrary person (e.g., a certificate of Elizabeth).

So, it seems that certificates in this activity play the role of flags in a CTF.
However, I don't understand what profit we can get from others' certificates.
We cannot even mount MitM attacks, since we don't have the private key.

Is this out of scope, or a problem we don't need to consider?
I just cannot understand the concepts.

Just as obtaining a flag in a CTF does not mean you can do something meaningful with that flag,
the fact that you cannot do anything with a certificate obtained through the backdoor you will build in this activity
is, I think, a matter largely unrelated to this activity.

Rather than the fact that the information obtained is a certificate, I think it would help to focus on the fact itself that the backdoor lets you obtain 'some secret information' that you are not permitted to have.

dohki commented

Rather than the fact that the information obtained is a certificate, I think it would help to focus on the fact itself that the backdoor lets you obtain 'some secret information' that you are not permitted to have.

Is a certificate secret in general?

dohki commented

I have one more question on this.

In this activity, a backdoor should allow an arbitrary user to get the certificate of an arbitrary person (e.g., a certificate of Elizabeth).

Is it true that even an unregistered user, who is also an arbitrary user, can trigger the backdoor?

Is it true that even an unregistered user, who is also an arbitrary user, can trigger the backdoor?

Is a certificate secret in general?

In general I think it is not, but as always, any information can become secret information depending on the circumstances, and I think that is how it is under the setup of this activity.

"In general a person's name is not secret information, but the real name of a National Intelligence Service (국정원) agent is secret information...?" might be a good example.

We cannot even mount MitM attacks, since we don't have the private key.

No, you create your own key with someone else's credential and then get it signed by the CA via a backdoor. That's the whole point. You don't get an existing certificate from the server. That doesn't mean anything.

Is it true that even an unregistered user, who is also an arbitrary user, can trigger the backdoor?

You can do whatever you like.

You can close this issue if it resolves your concern.

dohki commented

No, you create your own key with someone else's credential and then get it signed by the CA via a backdoor. (...) You don't get an existing certificate from the server.

Now I get the point.

You can do whatever you like.

I understand this to mean that it is ok that an unregistered user cannot trigger the backdoor.

dohki commented

1. A registered (and authenticated) user should be able to download a certificate from the service. (Reference)
   1. Authenticated users can download only their own certificates.
   2. Authenticated users can download even other people's certificates.

Which one is right?