Digging into our logs, I think the log should be distrusted for everything after 17:00:02 on May 2. This was the last known good treehead. That head was published at 5:00:00 on Sunday, May 3. All SCTs issued after this don't appear in a tree signed before compromise.
CVE-2020-11651: An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

CVE-2020-11652: An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Does that statement
extend to the use of Saltstack itself, and the personnel involved in
designing, deploying, and operating the compromised CT log? That is to say,
is any part of Saltstack present anywhere else within DigiCert's CT log or
CA infrastructure, in any capacity? Has anyone involved in the design,
deployment, or operation of the compromised CT log been involved in the
design, deployment, or operation of any other DigiCert CT log or CA
infrastructure, or are there plans to do so in the future? I include
management personnel in my question, to the degree that they were involved in
reviewing, approving, or overseeing the work of those more directly involved
in the design, deployment, or operation of the compromised CT log.
--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/5c4a92bc-1593-43bf-bbd4-d26332a4eae5%40chromium.org.