HTTP Public Key Pinning (HPKP) Bypass
HTTP Public Key Pinning (HPKP) is a security feature designed to ensure that web browsers only connect to websites using trusted SSL/TLS certificates. It works by allowing web servers to send a list of hashes of their SSL/TLS certificates to the browser.
When a browser connects to the website, it checks this list of hashes to make sure that the SSL/TLS certificate of the website matches one of the hashes on the list. This is a way of preventing a “man-in-the-middle” attack, where an attacker tries to intercept the traffic between the browser and the web server by pretending to be the web server.
However, HPKP can also present a risk if the certificate hash list contains only one entry. In this case, if the SSL/TLS certificate needs to be changed, the new certificate will not be accepted by the browser because it does not match the one on the list. This is called a “HPKP bypass” attack.
To prevent these types of attacks, it is important to implement HPKP with caution and to carefully manage the certificate pinning list. It is also recommended that web developers use backup keys in case the primary key needs to be changed.