
SSL.com patches abused certificate issue vulnerability


SSL.com has discovered a vulnerability in its domain control validation (DCV) process that allowed an attacker to obtain fraudulent TLS certificates for legitimate domains they do not control. The bug has already been exploited to issue almost a dozen certificates for up to seven legitimate domains.

The vulnerability was discovered and reported by a security researcher from the CitadelCore cybersecurity team. The researcher also demonstrated the bug by exploiting it to obtain a fraudulent certificate for aliyun.com, Alibaba Cloud’s official website. A bug report filed with Mozilla describes the flaw as one that “incorrectly marks the hostname of the approver’s email address as a verified domain, which is completely erroneous,” along with steps to reproduce the bug.

SSL.com has since acknowledged the bug and is investigating the issue further. Additionally, out of an “abundance of caution,” the company has disabled the domain validation method 3.2.2.4.14 highlighted in the bug report for all SSL/TLS certificates until the issue is fixed. Further investigation revealed that an incorrect implementation of that DCV method allowed certificates to be issued for a hostname whose control had never actually been demonstrated.
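To make the class of logic error described in the bug report concrete, here is an added, constructed model of an email-based DCV approval step; it is illustrative code written for this article, not SSL.com’s implementation, and the `DcvApproval` structure, the function names and the `attacker.example` / `victim.example` sample values are all assumptions. The vulnerable path records the approver’s mail host as validated alongside the domain that was actually requested, which is the behaviour the report quotes; the hardened path records only the requested domain, and only when the token came back from an address the CA itself found listed as a contact for it. An audit function shows the check a CA could run over its stored DCV records to spot the same defect after the fact.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DcvApproval:
    """One completed email-based DCV round (constructed model, not SSL.com's)."""
    requested_domain: str            # FQDN the applicant asked the CA to validate
    approver_email: str              # mailbox that sent back the validation token
    token_matched: bool              # did the returned token match what the CA sent?
    authorized_contacts: frozenset   # contact addresses the CA looked up for requested_domain


def normalise(name: str) -> str:
    """Lower-case and strip a trailing dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def email_host(address: str) -> str:
    """Host part of an email address, normalised for comparison."""
    return normalise(address.rsplit("@", 1)[-1])


def vulnerable_mark_verified(approval: DcvApproval) -> set:
    """Models the defect the article describes: the approver's mail host is
    recorded as validated alongside the requested domain, even though no
    control over that host was ever demonstrated."""
    if not approval.token_matched:
        return set()
    return {normalise(approval.requested_domain), email_host(approval.approver_email)}


def hardened_mark_verified(approval: DcvApproval) -> set:
    """Only the requested domain can become validated, and only when the
    token came back from an address the CA found listed as a contact for it."""
    if not approval.token_matched:
        return set()
    contacts = {normalise(c) for c in approval.authorized_contacts}
    if normalise(approval.approver_email) not in contacts:
        return set()
    return {normalise(approval.requested_domain)}


def audit_dcv_records(records) -> dict:
    """Detection check over stored DCV records: any domain marked validated
    that differs from the domain actually requested is suspect.
    `records` is an iterable of (requested_domain, validated_domains)."""
    findings = {}
    for requested, validated in records:
        extra = {normalise(d) for d in validated} - {normalise(requested)}
        if extra:
            findings[normalise(requested)] = extra
    return findings


# Constructed scenario: the applicant controls attacker.example and also holds
# an ordinary mailbox at victim.example (a mail provider). They publish that
# mailbox as the contact for attacker.example and complete DCV with it.
SAMPLE_APPROVAL = DcvApproval(
    requested_domain="attacker.example",
    approver_email="mailbox@victim.example",
    token_matched=True,
    authorized_contacts=frozenset({"mailbox@victim.example"}),
)

if __name__ == "__main__":
    print("vulnerable:", vulnerable_mark_verified(SAMPLE_APPROVAL))
    print("hardened:  ", hardened_mark_verified(SAMPLE_APPROVAL))
    print("audit:     ", audit_dcv_records(
        [("attacker.example", vulnerable_mark_verified(SAMPLE_APPROVAL))]))
```

With the sample approval, the vulnerable path marks both `attacker.example` and `victim.example` as validated while the hardened path marks only `attacker.example`, which the applicant genuinely controls; the audit flags `victim.example` as a validated domain that was never requested.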


At the moment, SSL.com claims that the vulnerability hasn’t affected the systems and APIs used by Entrust. For the time being, SSL.com has published a list of all affected certificates. Affected certificates have been revoked, and the relevant DCV records have been invalidated. Full details, as per CCADB guidelines, will be included in the full incident report, to be published on May 2.

This is a worrying development until SSL.com can patch the issue. Fraudulent certificates can be used to impersonate legitimate websites and build convincing phishing pages. A certificate issued for the correct hostname is one of the main signals browsers and users rely on to tell a genuine site from an impostor, so fraudulently issued certificates undermine that protection.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
