
CVE-2026-22866: CWE-347: Improper Verification of Cryptographic Signature in ensdomains ens-contracts

Severity: Low
Published: Wed Feb 25 2026 (02/25/2026, 15:47:16 UTC)
Source: CVE Database V5
Vendor/Project: ensdomains
Product: ens-contracts

Description

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. A patch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing `DNSSECImpl.setAlgorithm` to the deployed contract.

AI-Powered Analysis

Last updated: 02/25/2026, 21:12:12 UTC

Technical Analysis

Ethereum Name Service (ENS) is a decentralized naming system built on the Ethereum blockchain, enabling human-readable names for Ethereum addresses and other resources. In ENS versions 1.6.2 and earlier, the RSASHA256Algorithm and RSASHA1Algorithm smart contracts responsible for verifying RSA signatures do not fully validate the PKCS#1 v1.5 padding structure during signature verification. Instead, these contracts only verify that the last 32 bytes (for SHA-256) or 20 bytes (for SHA-1) of the decrypted signature match the expected hash, neglecting the proper padding checks. This improper verification corresponds to CWE-347 (Improper Verification of Cryptographic Signature). The vulnerability allows exploitation of Bleichenbacher's 2006 signature forgery attack, which targets RSA signatures with low public exponents, specifically e=3. Two ENS-supported top-level domains (TLDs), .cc and .name, use RSA keys with e=3 for their DNSSEC Key Signing Keys (KSKs). As a result, attackers can forge valid signatures and fraudulently claim any domain under these TLDs on ENS without legitimate DNS ownership. This undermines the integrity of ENS domain ownership and trust in the system. A patch addressing this issue was merged (commit c76c5ad0dc9de1c966443bd946fafc6351f87587), which corrects the signature verification to properly validate the full PKCS#1 v1.5 padding. Workarounds include deploying the patched contracts and configuring DNSSECImpl.setAlgorithm to reference the updated contract. The vulnerability has a CVSS 4.0 score of 2.7, reflecting low severity due to no required privileges, no user interaction, and limited impact on confidentiality and availability. No known exploits have been reported in the wild to date.
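
The suffix-only check described above, next to a full PKCS#1 v1.5 comparison, as an added Python illustration; it is not the ENS Solidity code or the merged patch. The function names and the toy key (two Mersenne primes, e = 65537) are assumptions for the demo, and the malformed test vector is produced with that key's own private exponent.

```python
import hashlib
import hmac

# DER DigestInfo header for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Constructed toy key for this demo only: two Mersenne primes, e = 65537.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (141)

def encode_em(message, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def decode_sig(sig, e, n, k):
    """RSA public operation: sig^e mod n, returned as a k-byte block."""
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("signature out of range")
    return pow(s, e, n).to_bytes(k, "big")

def verify_suffix_only(sig, message, e, n, k):
    """Flawed pattern from the advisory: only the trailing 32 bytes are compared."""
    return decode_sig(sig, e, n, k)[-32:] == hashlib.sha256(message).digest()

def verify_strict(sig, message, e, n, k):
    """Hardened form: rebuild the full encoded block and compare every byte."""
    try:
        em = decode_sig(sig, e, n, k)
    except ValueError:
        return False
    return hmac.compare_digest(em, encode_em(message, k))

def sign_block(em):
    """Test-vector helper: apply the toy private key to an arbitrary block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def demo():
    msg = b"constructed sample RRset bytes"
    good = sign_block(encode_em(msg, K))
    # Malformed block (no 00 01 FF.. padding, no DigestInfo), hash at the end.
    bad = sign_block(b"\x00" + b"\x42" * (K - 33) + hashlib.sha256(msg).digest())
    return [(verify_suffix_only(s, msg, E, N, K), verify_strict(s, msg, E, N, K))
            for s in (good, bad)]

if __name__ == "__main__":
    print(demo())
```

`demo()` returns one `(suffix_only, strict)` pair per signature: both verifiers accept the well-formed one, while only the strict verifier rejects the block whose padding and DigestInfo are missing.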

Potential Impact

The primary impact of this vulnerability is the compromise of ENS domain ownership integrity for domains under the .cc and .name TLDs. Attackers exploiting this flaw can fraudulently claim ENS domains without owning the corresponding DNS records, potentially enabling domain hijacking, impersonation, and fraudulent activities on the Ethereum blockchain ecosystem. This can lead to loss of trust in ENS as a reliable naming service, disruption of decentralized applications relying on ENS for identity or resource resolution, and potential financial losses if attackers redirect transactions or assets. However, the vulnerability does not directly impact confidentiality or availability of ENS services or Ethereum blockchain operations. The low CVSS score reflects that exploitation does not require privileges or user interaction and has limited scope beyond affected TLDs. Organizations and users relying on ENS domains under .cc and .name are at the highest risk, especially those using ENS for critical identity or transaction routing functions.

Mitigation Recommendations

To mitigate this vulnerability, ENS operators and developers should immediately deploy the patched versions of the RSASHA256Algorithm and RSASHA1Algorithm contracts that correctly implement full PKCS#1 v1.5 padding verification. ENS administrators must update the DNSSECImpl contract's setAlgorithm pointer to reference the patched contracts to ensure proper signature validation. Domain owners and users should verify that their ENS clients and infrastructure are updated to use the fixed contracts. Additionally, ENS users should exercise caution when interacting with domains under the .cc and .name TLDs until patches are applied, as fraudulent claims are possible. Monitoring ENS domain registrations for suspicious activity in these TLDs is recommended. For future resilience, ENS should consider deprecating support for RSA keys with low public exponents (e=3) and adopt more secure cryptographic algorithms and signature verification methods. Regular security audits of smart contracts and cryptographic implementations should be enforced to prevent similar issues.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-12T16:20:16.746Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 699f6203b7ef31ef0b506078

Added to database: 2/25/2026, 8:56:35 PM

Last enriched: 2/25/2026, 9:12:12 PM

Last updated: 2/26/2026, 1:07:54 AM
