Taking down a European network with a TLS certificate: my RIPE NCC RPKI exploit chain
Summary
A security researcher reveals a chain of web-application vulnerabilities across RIPE NCC's RPKI-related portals that could take down network connectivity. The post details how a single XSS entry point and shared SSO cookies allowed unauthorized ROA and RIPE Database changes via CSRF, highlighting the attack surface in critical internet infrastructure and recommending mitigations such as per-application cookies and proper CSRF protection.