OpenSSL Alternative Chains Certificate Forgery MITM Proxy
概要
This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
Created: 2026-02-23
Indicators
Indicatorsは見つかっていない。
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 3.15
Matched TTPs:
- T1596.001 - DNS/Passive DNS
MITREへのリンク →
Score: 28.84
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1590.003 - Network Trust Dependencies
- T1070.008 - Clear Mailbox Data
- T1069.001 - Local Groups
- T1547.002 - Authentication Package
- T1055.005 - Thread Local Storage
- T1587 - Develop Capabilities
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.82
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 19.20
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1590.003 - Network Trust Dependencies
- T1071.001 - Web Protocols
- T1055.005 - Thread Local Storage
- T1548.006 - TCC Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.28
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1547.015 - Login Items
MITREへのリンク →
Score: 3.15
Matched TTPs:
- T1596.001 - DNS/Passive DNS
MITREへのリンク →
Score: 5.44
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1590.003 - Network Trust Dependencies
MITREへのリンク →
Score: 4.63
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 6.82
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1569.003 - Systemctl
MITREへのリンク →
Score: 5.44
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1001 - Data Obfuscation
MITREへのリンク →
Score: 10.28
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1547.002 - Authentication Package
- T1587 - Develop Capabilities
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 4.63
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 10.87
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1005 - Data from Local System
- T1547.002 - Authentication Package
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 7.88
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1587 - Develop Capabilities
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 4.81
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.78
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1001 - Data Obfuscation
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 8.82
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1078 - Valid Accounts
- T1547.002 - Authentication Package
MITREへのリンク →
Score: 4.68
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1547.002 - Authentication Package
MITREへのリンク →
Score: 5.22
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 9.11
Matched TTPs:
- T1005 - Data from Local System
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 11.42
Matched TTPs:
- T1005 - Data from Local System
- T1656 - Impersonation
- T1003.003 - NTDS
MITREへのリンク →
Score: 6.47
Matched TTPs:
- T1070.008 - Clear Mailbox Data
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 6.80
Matched TTPs:
- T1547.015 - Login Items
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 15.79
Matched TTPs:
- T1001 - Data Obfuscation
- T1547.002 - Authentication Package
- T1656 - Impersonation
- T1003.003 - NTDS
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 6.66
Matched TTPs:
- T1078 - Valid Accounts
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.08
Matched TTPs:
- T1114.002 - Remote Email Collection
- T1189 - Drive-by Compromise
MITREへのリンク →
Score: 4.92
Matched TTPs:
- T1547.002 - Authentication Package
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.06
Matched TTPs:
- T1547.002 - Authentication Package
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 4.74
Matched TTPs:
- T1547.002 - Authentication Package
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 8.71
Matched TTPs:
- T1656 - Impersonation
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.78
Matched TTPs:
- T1656 - Impersonation
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 7.61
Matched TTPs:
- T1548.006 - TCC Manipulation
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.02
Matched TTPs:
- T1548.006 - TCC Manipulation
- T1587 - Develop Capabilities
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.01
Matched TTPs:
- T1548.006 - TCC Manipulation
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 5.19
Matched TTPs:
- T1547.008 - LSASS Driver
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 5.41
Matched TTPs:
- T1556 - Modify Authentication Process
- T1490 - Inhibit System Recovery
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1070.008 - Clear Mailbox Data
- T1556 - Modify Authentication Process
- T1587 - Develop Capabilities
- T1069.001 - Local Groups
- T1547.002 - Authentication Package
- T1055.005 - Thread Local Storage
- T1547.008 - LSASS Driver
- T1596.001 - DNS/Passive DNS
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design