Comodo again

Jan Schejbal

May 25, 2011, 10:21:34 AM
To: mozilla-dev-s...@lists.mozilla.org
Hi,
seems another Comodo reseller has not taken security too seriously:
http://pastebin.com/F5nUf5kr and http://pastebin.com/9qwdL1pA

Looks like it does NOT affect certificate issuance directly, though.

Kind regards,
Jan
--
Please avoid sending mails, use the group instead.
If you really need to send me an e-mail, mention "FROM NG"
in the subject line, otherwise my spam filter will delete your mail.
Sorry for the inconvenience, thank the spammers...

Peter Gutmann

May 25, 2011, 11:28:58 AM
To: jan.sche...@gmx.de, mozilla-dev-s...@lists.mozilla.org
Jan Schejbal <jan.sche...@gmx.de> writes:

>seems another Comodo reseller has not taken security too seriously:
>http://pastebin.com/F5nUf5kr and http://pastebin.com/9qwdL1pA
>
>Looks like it does NOT affect certificate issuance directly, though.

Could this have been exploited in any way to obtain certs, or is it just an
egg-on-face thing?

Peter.

Eddy Nigg

May 25, 2011, 11:48:38 AM
To: mozilla-dev-s...@lists.mozilla.org
On 05/25/2011 06:28 PM, From Peter Gutmann:

> Could this have been exploited in any way to obtain certs, or is it just an
> egg-on-face thing?

Initially it seems the latter - but probably at this stage it might be
possible to change the content in the DB, triggering the issuance of a
certificate for a different subject than actually validated.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
XMPP: star...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
