Avoid Dangers of Wildcard TLS Certificates, the ALPACA Technique

Home / Articles / External / Government

wildcard TLS
Source: https://media.defense.gov/2021/Oct/07/2002869960/-1/-1/0/211007-D-IM742-1001.PNG

October 26, 2021 | Originally published by NSA on October 7, 2021

NSA released the Cybersecurity Information Sheet, “Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique” today, warning network administrators about the risks of using poorly scoped wildcard Transport Layer Security (TLS) certificates. NSA recommends several actions web administrators should take to keep their servers secure. This guidance also outlines the risks of falling victim to a web application exploitation method called Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA), which malicious cyber actors can use to access sensitive information.

Focus Areas