OID Takeover due to IANA's-PEN-Modification-Request Improper Access Control

ARGYROU, MINAS

doi:10.5281/zenodo.7909264

Published December 22, 2022 | Version v4

Report Open

OID Takeover due to IANA's-PEN-Modification-Request Improper Access Control

ARGYROU, MINAS¹

1. AGRICULTURAL UNIVERSITY OF ATHENS (GREECE)

Contributors

Researcher:

ARGYROU, MINAS¹

1. AGRICULTURAL UNIVERSITY OF ATHENS (GREECE)

Ability of adversary to takeover entries of ICANN'S IANA's OID Registry due to improper authentication, authorization and access control.

There has been a Coordinated Vulnerability Disclosure attempt (CVD) with ICANN (and IANA), but there was no response.

Even though there have been, at least, two (2) attempts to register a Common Vulnerabilities and Exposures (CVE) Number by The Mitre Corporation (MITRE), there has been no meaningful response.

Notes

The original license in the PDF's metadata is "Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)" (https://creativecommons.org/licenses/by-nc-sa/4.0/). To clarify, the file is re-licensed according to the information of this DOI ("Creative Commons Attribution 4.0 International" (http://creativecommons.org/licenses/by/4.0/)).

Files

IANA OID CVE Request.pdf

Files (2.5 MB)

Name	Size	Download all
IANA OID CVE Request.pdf md5:5f5dbaf62021272490f2165fecea4d41	1.5 MB	Preview Download
Second_in_Order_File.E-mail Communications.pdf md5:13139df1bae445807ef08b45fcd7e448	923.4 kB	Preview Download

	All versions	This version
Views	711	49
Downloads	728	74
Data volume	1.1 GB	107.6 MB

OID Takeover due to IANA's-PEN-Modification-Request Improper Access Control

Authors/Creators

Contributors

Researcher:

Description

Notes

Files

IANA OID CVE Request.pdf

Files (2.5 MB)