There is a newer version of the record available.

Published December 22, 2022 | Version v3
Report Open

OID Takeover due to IANA's-PEN-Modification-Request Improper Access Control

Authors/Creators

  • 1. AGRICULTURAL UNIVERSITY OF ATHENS (GREECE)

Contributors

Researcher:

  • 1. AGRICULTURAL UNIVERSITY OF ATHENS (GREECE)

Description

Ability of adversary to takeover entries of  ICANN'S IANA's OID Registry due to improper authentication, authorization and access control.

There has been a Coordinated Vulnerability Disclosure attempt (CVD) with ICANN (and IANA), but there was no response.

Even though there have been, at least, two (2) attempts to register a Common Vulnerabilities and Exposures (CVE) Number by The Mitre Corporation (MITRE), there has been no meaningful response.

Notes

The original license in the PDF's metadata is "Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)" (https://creativecommons.org/licenses/by-nc-sa/4.0/). To clarify, the file is re-licensed according to the information of this DOI ("Creative Commons Attribution 4.0 International" (http://creativecommons.org/licenses/by/4.0/)).

Files

Second_in_Order.E-mail Communications.pdf

Files (919.6 kB)

Name Size Download all
md5:2546ba9d5be740ea48fb1028d692bc35
919.6 kB Preview Download