Trapped By The CLI - William Robinet
Nullcon Goa 2025 · Main Stage
William Robinet's Nullcon talk, "Trapped By The CLI," delves into subtle yet critical vulnerabilities within widely used cryptographic command-line interface (CLI) tools, primarily focusing on **OpenSSL**. The presentation exposes how meticulously crafted X.509 certificates and Certificate Signing Requests (CSRs), containing **terminal control characters** and **escape sequences**, can manipulate the output displayed by tools like `openssl x509 -text`. This manipulation can lead to significant security risks, including visual spoofing, information hiding, and potentially the unauthorized issuance of certificates for sensitive domains.
AI review
Robinet found a real, overlooked bug class — terminal control character injection through X.509/ASN.1 fields — and demonstrated it with escalating, credible proofs of concept from ANSI art to a forged wildcard CSR for *.google.com. The SAN DNS field finding is the headline: unescaped control characters across OpenSSL, GnuTLS, and Java Key Tool is a multi-toolkit failure with a concrete, practical attack path against private CAs. Not world-ending, but genuinely novel and under-discussed.