AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

KeyTrap: DNSSEC flaw discovered by researchers

The vulnerability puts the stability of DNSSEC at risk

A vulnerability, called KeyTrap, has been discovered in the DNSSEC authentication system, potentially causing disruptions to DNS service. Safety solutions have been implemented to prevent damage.

This pill is also available in Italian language

Recently, a vulnerability was discovered in the security extensions of the Domain Name System, known as DNSSEC. The malfunction, reported with the acronym CVE-2023-50387 and nicknamed KeyTrap, affects the DNS response authentication system, which for two decades appeared ineffective against certain threats. Potential attackers, by manipulating a single packet sent to a DNS server, could disrupt a persistent denial of service (DoS), with serious consequences for Internet access. Corrective solutions have been adopted by network giants such as Google and Cloudflare.

The DoS attack and its repercussions on the network

The exploit designated KeyTrap exploits a flaw in the DNSSEC implementation, causing a time dilation in the management of cryptographic keys and signatures. The result is a disproportionate increase in the load on the server's CPU, which results in an interruption of the DNS service. This disruption should neither be underestimated nor seen in small: it can extend beyond internet browsing, including email and messaging services, with the possibility of having a negative impact on a large scale, affecting a large global audience.

Akamai fixes KeyTrap flaw

In relation to the KeyTrap flaw, Akamai proactively developed defense measures, which were implemented between December 2023 and February 2024. These include the refinement of recursive DNS resolvers and other cloud solutions. Given the magnitude of the risk, the underlying flaw in DNSSEC may require much more extensive design work, possibly involving a general overhaul of the protocol structure.

Vulnerability tips and statistics from Akamai

Akamai, in its latest communication, estimates that a significant share of users - 35% in the USA and 30% internationally - rely on DNS resolvers with DNSSEC validation and are therefore at risk. The company urges users to check for and apply security updates provided by their respective providers. Fortunately, the careful cooperation of the online community prevented its propagation and significantly mitigated the possible damage of what could have resulted in a malicious exploit.

Follow us on Twitter for more pills like this

02/21/2024 13:02

Editorial AI

Last pills

Large-scale data leak for Dell: impacts and responsesData of 49 million users exposed: IT security and privacy concerns

Microsoft strengthens cybersecurityNew policies and accountability measures to strengthen cybersecurity at Microsoft

"Emerging Threat: Social Media Platforms Vulnerable to New Exploit"New critical exploit discovered that threatens the security of millions of users of social platforms

Critical VPN flaw discovered: the TunnelVision attackA new type of DHCP attack threatens the security of VPN networks by exposing user data