Chrome, Firefox: site spoofing via homographs
Synthesis of the vulnerability
An attacker can use a URL containing Unicode characters that look like ASCII characters, in order to deceive the victim.
Impacted products: Chrome, Firefox, SeaMonkey, Opera.
Severity of this bulletin: 2/4.
Consequences of an intrusion: data reading.
Hacker's origin: document.
Creation date: 18/04/2017.
References of this threat: 1332714, CVE-2017-5090, VIGILANCE-VUL-22467.
Description of the vulnerability
Several Unicode characters (such as U+0430, Cyrillic small letter a) look like the ASCII 'a' character. Some attackers register domain names containing these variants, in order to entice the victim into clicking on a link.
This type of attack, based on homographs, was already described in several bulletins (VIGILANCE-VUL-4729 and VIGILANCE-VUL-8497). Most software now applies countermeasures, typically by displaying the Punycode (xn--) form of a domain label that mixes characters from several scripts.
However, when a label is composed entirely of characters from a single non-Latin script, no script mixing is detected and the Chrome and Firefox protections are bypassed. For example, https://xn--e1awd7f.com/ decodes to https://еріс.com/ (Cyrillic е, р, і, с) and is displayed in that form, which is visually indistinguishable from https://epic.com/. Moreover, since a domain-validated certificate for xn--e1awd7f.com can be obtained from Let's Encrypt, an attacker can easily spoof a TLS site.
An attacker can therefore use a URL containing Unicode characters that look like ASCII characters, in order to deceive the victim.
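The following script is an added example, not part of the Vigil@nce bulletin nor code from Chrome or Firefox. It decodes Punycode labels with Python's standard library and applies two checks: the classic mixed-script test, which catches a label such as pаypal (Latin letters plus one Cyrillic а), and a whole-script-confusable test, which is what is needed to catch the bulletin's xn--e1awd7f.com, whose label is pure Cyrillic and therefore passes the first check. The confusables table is a constructed subset of Unicode TR39, the host names are constructed inputs, and the browsers' real policies are more elaborate than this illustration.

```python
"""Illustrative IDN homograph check (added example, not Vigil@nce or browser code).

A label made of Latin plus one Cyrillic letter fails the mixed-script test.
A label made entirely of Cyrillic lookalikes (the bulletin's xn--e1awd7f.com)
passes it, so a separate whole-script-confusable test is required.
"""
import unicodedata

# Constructed subset of the Unicode TR39 confusables table: Cyrillic letters
# whose usual glyphs are indistinguishable from Latin ones.  A real check
# would load the full confusables.txt; this list is only for illustration.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u04cf": "l",
}


def to_unicode(host):
    """Turn each Punycode (xn--) label of a host name into its Unicode form."""
    out = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            out.append(label[4:].encode("ascii").decode("punycode"))
        else:
            out.append(label)
    return ".".join(out)


def script_of(ch):
    """Script of a character, taken from the first word of its Unicode name."""
    if ch.isascii() and not ch.isalpha():   # digits and hyphen belong to no script
        return "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def assess(host):
    """Return (unicode_host, verdict, ascii_lookalike_or_None).

    verdict is one of: "ascii", "mixed-script", "whole-script-confusable", "idn".
    """
    uhost = to_unicode(host)
    if uhost.isascii():
        return uhost, "ascii", None
    lookalike_labels = []
    for label in uhost.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            # Latin and Cyrillic letters in one label: the classic check catches it.
            return uhost, "mixed-script", None
        letters = [c for c in label if c.isalpha()]
        if scripts == {"CYRILLIC"} and all(c in CYRILLIC_LOOKALIKES for c in letters):
            # Single script, so no mixing is detected, yet every letter has a
            # Latin twin: substitute the twins to obtain the spoofed ASCII name.
            lookalike_labels.append("".join(CYRILLIC_LOOKALIKES.get(c, c) for c in label))
        else:
            lookalike_labels.append(label)
    lookalike = ".".join(lookalike_labels)
    if lookalike.isascii():
        return uhost, "whole-script-confusable", lookalike
    return uhost, "idn", None   # legitimate non-ASCII name, e.g. münchen.de


if __name__ == "__main__":
    # Constructed sample hosts: the bulletin's example, a legitimate IDN,
    # a mixed-script spoof and a plain ASCII name.
    for h in ("xn--e1awd7f.com", "xn--mnchen-3ya.de", "p\u0430ypal.com", "example.com"):
        print(h, "->", assess(h))
```

Running the block prints one line per sample host; the bulletin's xn--e1awd7f.com comes back as еріс.com with verdict whole-script-confusable and lookalike epic.com, while münchen.de is reported as an ordinary IDN because ü has no Latin twin. Chrome's eventual fix took the same direction, adding a whole-script-confusable rule for Cyrillic labels alongside the mixed-script rule.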