Published December 22, 2022 | Version v7
Report Open

OID Takeover due to IANA's-PEN-Modification-Request Improper Access Control

Authors/Creators

Contributors

Researcher:

Description

Ability of adversary to takeover entries of  ICANN'S IANA's OID Registry due to improper authentication, authorization and access control.

There has been a Coordinated Vulnerability Disclosure attempt (CVD) with ICANN (and IANA), but there was no response.

Even though there have been, at least, two (2) attempts to register a Common Vulnerabilities and Exposures (CVE) Number by The Mitre Corporation (MITRE), there has been no meaningful response.

Notes

The original license in the PDF's metadata is "Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)" (https://creativecommons.org/licenses/by-nc-sa/4.0/). To clarify, the file is re-licensed according to the information of this DOI ("Creative Commons Attribution 4.0 International" (http://creativecommons.org/licenses/by/4.0/)).

Files

1. IANA OID CVE Request.pdf

Files (2.5 MB)

Name Size Download all
md5:fbbdfcd8d6408c03d68a4dc3611635c0
1.5 MB Preview Download
md5:1ea830b02dd66f42377afa7cdfea0799
934.8 kB Preview Download

Additional details

Identifiers

URL
https://www.researchgate.net/publication/370593769_OID_Takeover_due_to_IANA's-PEN-Modification-Request_Improper_Access_Control

Related works

Has part
10.13140/RG.2.2.27590.45121 (DOI)