NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques

Original release date: October 8, 2021

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). A malicious cyber actor with network access can exploit this vulnerability to access sensitive information.

CISA encourages administrators and users to review NSA’s CSI sheet on Avoiding Dangers of Wildcard TLS Certificates and the ALPACA Technique for more information.

This product is provided subject to this Notification and this Privacy & Use policy.