80 percent of digital certificates vulnerable to man-in-the-middle attacks

A new survey finds that nearly 80 percent of TLS certificates on the internet are vulnerable to man-in-the-middle (MiM) attacks, while as many as 25 percent of all certificates are expired at any given time.

The study, sponsored by automated machine identity management firm AppViewX and carried out by EEnterprise Management Associates (EMA), focuses on servers with SSL/TLS certificates on port 443.

Among its findings are that only 21 percent of servers on the internet utilize TLS 1.3, meaning 79 percent of SSL certificates in use today are still subject to man-in-the-middle attacks.

"We were surprised with the sheer volume of expired and self-signed certificates in circulation, and how many organizations are still not using TLS 1.2 and 1.3," says Ken Buckler, CASP, director of information security research for EMA. "With Google's proposed TLS certificate 90-day expiration mandate looming, it's clear that the only path forward for IT administrators and security professionals is automated certificate management."

Up to 25 percent of certificates on the internet pose a security threat because they are expired (10 percent) or self-signed (15 percent) which are not considered secure for publicly accessible websites or services.

In addition 45 percent of IP addresses exposed to unpatched vulnerabilities (many of which have been unpatched for years) also have expired certificates (22 percent) or self-signed certificates (23 percent). The Generic Top-Level Domains (gTLDs) with the most expired certificates are: .org (15 percent), .com (12 percent) and .mil (11 percent).

"With almost six million expired SSL/TLS certificates currently in use on the internet and almost nine million self-signed certificates, this survey quantifies that many organizations are failing to perform basic certificate management hygiene," says Murali Palanisamy, chief solutions officer at AppViewX. "The recent certificate expiration incidents at Cisco, Microsoft and StarLink demonstrate the importance of automating the management of digital identities to eliminate critical outages and ensure strong security and risk postures."

The full report is available from the AppViewX site.

Image Credit: maxkabakov / depositphotos.com