The NSA published an advisory regarding the use of wildcard TLS certificates, which can be escalated to carry out the Application Layer Protocol Content Confusion Attack (ALPACA) TLS attack.
What is a wildcard certificate?
A wildcard certificate is a digital TLS certificate received by organizations from certificate authorities. This certificate can be applied to a domain and to all the underlying subdomains through the use of a wildcard character. It is effectively used to reduce costs and for easy management.
Nonetheless, it creates a security issue.
A serious threat indeed
The NSA alerted that cybercriminals can exploit wildcard TLS certificates to decrypt TLS-encrypted traffic.
Anyone with a private key linked to a wildcard certificate can impersonate the sites and gain access to credentials and protected data.
However, if an attacker compromises a server with that trick, they can compromise the entire organization.
In its warning, the NSA has urged organizations against the use of wildcard TLS certificates. The NSA has also laid out technical guidance to help secure the DoD, National Security Systems (NSS), and Defense Industrial Base (DIB).