"Just One Bad Packet Can Bring down a Vulnerable DNS Server Thanks to DNSSEC"

A single packet that exploits KeyTrap, a 20-year-old design flaw in the DNSSEC specification, can exhaust a vulnerable DNS server's processing capacity, effectively disabling the machine. According to the researchers who uncovered the flaw, who are associated with the German National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt, DNS server software makers briefed on the vulnerability described it as the worst DNS attack ever discovered. The KeyTrap security flaw, tracked as CVE-2023-50387, has received a CVSS severity rating of 7.5 out of 10. This article continues to discuss the KeyTrap DNSSEC vulnerability.

The Register reports "Just One Bad Packet Can Bring down a Vulnerable DNS Server Thanks to DNSSEC"

Submitted by grigby1
