Misissued TLS Certificates for 1.1.1.1 DNS Service Allow Attackers to Intercept and Decrypt Traffic
The discovery of three improperly issued TLS certificates for 1.1.1.1, the widely used public DNS service from Cloudflare, has raised significant security concerns. Issued in May 2025, these certificates could allow attackers to intercept and decrypt encrypted DNS lookups, thereby exposing users’ browsing habits. The existence of these unauthorized certificates was revealed on September 3, 2025, in an online security forum, four months after their issuance. They were issued by Fina RDC 2020, a certificate authority (CA) linked to the Fina Root CA, which is part of the Microsoft Root Certificate Program. This connection meant that the mis-issued certificates were trusted by default by the Windows operating system and the Microsoft Edge browser. Cloudflare confirmed that the certificates were issued without its authorisation and initiated an investigation, reaching out to Fina, Microsoft, and the relevant supervisory body to address the issue.
In response to the situation, Microsoft stated that it had engaged the certificate authority to request immediate action and was working to block the affected certificates via its disallowed list to protect customers. Notably, users of other major browsers, such as Google Chrome and Mozilla Firefox, were not affected, as these browsers have never trusted the Fina root certificate. The incident highlights a significant vulnerability in the public key infrastructure (PKI) that underpins much of the internet, illustrating how a single point of failure can compromise the entire system of trust. Cloudflare likened the CA ecosystem to “a castle with many doors,” emphasising that the failure of one CA can jeopardise overall security. As the investigation unfolds, critical questions remain regarding who requested the certificates and why existing safeguards failed to detect them sooner.
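One defensive check the article's timeline motivates (four months between issuance and public discovery) is monitoring Certificate Transparency logs for certificates that name your own identifiers and alerting on any issuer you did not authorise, together with a note of which trust stores would accept the offending chain. The Python below is an added example, not code from Cloudflare, Microsoft or the article; the log entries, the allowlisted issuer ("Example Issuing CA") and the trust-store contents are constructed sample data, with only the issuer and root names and the dates taken from the article.

```python
# Added example: a minimal Certificate Transparency monitor for watched names.
# It flags log entries whose issuer is not on the operator's allowlist and
# reports how long each went unnoticed and which trust stores contain its root.
# All entries below are constructed sample data, not real CT log records.
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class CtEntry:
    names: tuple       # identifiers (DNS names / IP SANs) on the certificate
    issuer: str        # issuer CN as logged
    root: str          # root CA the issuer chains to
    not_before: date   # issuance date

@dataclass(frozen=True)
class Finding:
    issuer: str
    root: str
    days_undetected: int
    trusted_in: tuple  # trust stores whose root set contains this root

def unexpected_issuers(entries, watched, allowed_issuers, stores, today):
    """Return a Finding for each entry that names a watched identifier and was
    issued by a CA outside the allowlist; other names and allowed CAs are skipped."""
    findings = []
    for e in entries:
        if not watched.intersection(e.names) or e.issuer in allowed_issuers:
            continue
        trusted = tuple(s for s, roots in stores.items() if e.root in roots)
        findings.append(Finding(e.issuer, e.root, (today - e.not_before).days, trusted))
    return findings

# Constructed data. "Example Issuing CA" is a placeholder for the operator's real CA.
SAMPLE_ENTRIES = [
    CtEntry(("1.1.1.1",), "Example Issuing CA", "Example Root", date(2025, 4, 1)),
    CtEntry(("1.1.1.1",), "Fina RDC 2020", "Fina Root CA", date(2025, 5, 1)),
    CtEntry(("placeholder.example",), "Fina RDC 2020", "Fina Root CA", date(2025, 5, 2)),
]
# Constructed trust-store membership reflecting the article: the Fina root sits in
# the Microsoft root program, while Chrome and Mozilla never trusted it.
SAMPLE_STORES = {"windows": {"Example Root", "Fina Root CA"},
                 "chrome": {"Example Root"}, "mozilla": {"Example Root"}}
DISCLOSURE_DATE = date(2025, 9, 3)  # date the issue became public, per the article

if __name__ == "__main__":
    for f in unexpected_issuers(SAMPLE_ENTRIES, {"1.1.1.1"}, {"Example Issuing CA"},
                                SAMPLE_STORES, DISCLOSURE_DATE):
        print(f"unexpected issuer {f.issuer!r} (root {f.root!r}) unnoticed for "
              f"{f.days_undetected} days; trusted by: {', '.join(f.trusted_in)}")
```

Run against real data, the entries would come from a CT log monitor feed and the allowlist from your own CA records; the alert fires the day the entry is logged rather than months later.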
Categories: TLS Certificate Mis-issuance, Public Key Infrastructure Vulnerabilities, Certificate Authority Trust Issues
Tags: TLS Certificates, 1.1.1.1, Cloudflare, APNIC, Mis-issued, Certificate Authority, Microsoft, Public Key Infrastructure, Adversary-in-the-middle, Certificate Transparency