As asserted by a major finding, researchers at the ATHENE National Research Center in Germany have identified a long-standing vulnerability in the Domain Name System (DNS) that could potentially lead to widespread Internet outages. This flaw, known as “KeyTrap” and tracked as CVE-2023-50387, exposes a fundamental design flaw in the DNS security extension, DNSSEC, dating back to 2000.
DNS servers play a crucial role in translating website URLs into IP addresses, facilitating the flow of Internet traffic. The KeyTrap vulnerability exploits a loophole in DNSSEC, causing a DNS server to enter a resolution loop, consuming all its computing power and rendering it ineffective. If multiple DNS servers were targeted simultaneously, it could result in extensive Internet disruptions.
A distinctive aspect of KeyTrap is its classification as an “Algorithmic Complexity Attack,” representing a new breed of cyber threats. The severity of this issue is underscored by the fact that Bind 9, the most widely used DNS implementation, could remain paralyzed for up to 16 hours after an attack.
According to the Internet Systems Consortium (ISC), responsible for overseeing DNS servers globally, approximately 34% of DNS servers in North America utilise DNSSEC for authentication, making them vulnerable to KeyTrap. The good news is that, as of now, there is no evidence of active exploitation, according to the researchers and ISC.
To address the vulnerability, the ATHENE research team collaborated with major DNS service providers, including Google and Clo
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.