SSL/TLS X.509 Uses Dangerous Wildcard
Description
Detects SSL/TLS certificates whose names use dangerous wildcard patterns that could let an attacker spoof legitimate subdomains. A wildcard pattern such as *.example.com causes any subdomain at that level to validate against the certificate, which can enable phishing attacks if an attacker is able to register arbitrary subdomains.
Detection Strategy
• Certificate's subject alternative names (SANs) include wildcard patterns (e.g. *.example.com)
• The accessed domain name does not exactly match any of the certificate's valid domain names
• The accessed domain matches one of the certificate's wildcard patterns
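The three conditions above can be implemented as a single check over the accessed hostname and the certificate's DNS SANs. This is an added example, not the rule's own implementation; it assumes the dictionary shape returned by Python's ssl.SSLSocket.getpeercert() for SAN extraction, and the sample certificate data is constructed.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class WildcardFinding:
    """Hostname that was accepted only through a wildcard SAN."""
    hostname: str
    matched_pattern: str


def sans_from_peercert(cert: dict) -> list:
    """Pull DNS names out of the dict shape ssl.SSLSocket.getpeercert() returns
    (assumption: the 'subjectAltName' key holds (type, value) tuples)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: '*' must be the entire leftmost label and covers
    exactly one label, so *.example.com matches a.example.com but neither
    example.com nor a.b.example.com; a bare *.com is rejected as too broad."""
    pat = pattern.lower().split(".")
    host = hostname.lower().split(".")
    if len(pat) < 3 or pat[0] != "*" or any(not l or "*" in l for l in pat[1:]):
        return False
    return len(host) == len(pat) and host[1:] == pat[1:]


def check_dangerous_wildcard(hostname: str, sans: Iterable[str]) -> Optional[WildcardFinding]:
    """The three detection conditions: a wildcard SAN exists, the accessed host
    has no exact SAN match, and a wildcard pattern is what makes it validate."""
    host = hostname.lower().rstrip(".")
    names = [s.lower().rstrip(".") for s in sans]
    if host in (n for n in names if not n.startswith("*")):
        return None  # exact name present: the wildcard did not validate it
    for pattern in (n for n in names if n.startswith("*")):
        if wildcard_matches(pattern, host):
            return WildcardFinding(host, pattern)
    return None


# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}

if __name__ == "__main__":
    for name in ("example.com", "api.example.com", "deep.api.example.com"):
        print(name, "->", check_dangerous_wildcard(name, sans_from_peercert(SAMPLE_PEERCERT)))
```

Only api.example.com is flagged: example.com has an exact SAN, and deep.api.example.com is not covered by the single-label wildcard at all, so it would simply fail validation rather than be accepted via the wildcard.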