Row breaks out over true severity of two DNSSEC flaws

March 26, 2024 at 04:29AM
Two DNSSEC vulnerabilities, KeyTrap (CVE-2023-50387) and NSEC3-encloser (CVE-2023-50868), were disclosed with similar descriptions and a severity score of 7.5 out of 10. However, a study by the ATHENE team finds NSEC3-encloser is less severe than KeyTrap, contrary to MITRE’s assessment. This has led to concerns about the accuracy and quality …

‘KeyTrap’ DNS Bug Threatens Widespread Internet Outages

February 20, 2024 at 01:37PM
Researchers recently uncovered a major DNS security flaw, “KeyTrap,” that can potentially cripple large sections of the Internet. Exploiting a flaw in the DNSSEC extension, a single packet can force servers into a loop, consuming computing power and causing widespread outages. Patching efforts are underway, but a more comprehensive solution …

KeyTrap attack: Internet access disrupted with one DNS packet

February 19, 2024 at 08:38AM
A serious vulnerability named KeyTrap in the DNSSEC feature could be exploited to deny internet access to applications for an extended period. Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC impacting DNS implementations. Researchers from ATHENE and partners discovered and addressed the issue, working with DNS service providers. …

KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers

February 14, 2024 at 08:03AM
A new DNS vulnerability, named KeyTrap or CVE-2023-50387, has been discovered by researchers. The flaw in DNSSEC could potentially allow attackers to disrupt large parts of the internet using a single specially crafted DNS packet. While patches are being released, prevention may require changes to the underlying DNSSEC design. The …