There is a newer version of the record available.

Published December 22, 2022 | Version v5
Report Open

OID Takeover due to IANA's-PEN-Modification-Request Improper Access Control

Authors/Creators

  • 1. AGRICULTURAL UNIVERSITY OF ATHENS (GREECE)

Contributors

Researcher:

  • 1. AGRICULTURAL UNIVERSITY OF ATHENS (GREECE)

Description

An adversary can take over entries of the OID Registry of ICANN's IANA due to improper authentication, authorization and access control.

A Coordinated Vulnerability Disclosure (CVD) was attempted with ICANN (and IANA), but there was no response.

Even though there have been at least two (2) attempts to register a Common Vulnerabilities and Exposures (CVE) number with The MITRE Corporation (MITRE), there has been no meaningful response.

Notes

The original license in the PDF's metadata is "Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)" (https://creativecommons.org/licenses/by-nc-sa/4.0/). To clarify, the file is re-licensed according to the information of this DOI ("Creative Commons Attribution 4.0 International" (http://creativecommons.org/licenses/by/4.0/)).

Files

IANA OID CVE Request.pdf

Files (2.5 MB)

md5:e1f4737c63b00d5ac31314b2e9416548  1.5 MB
md5:91de42d7f2aa23ac47495b2f796234f4  927.2 kB