
Compromised certificate for localhost.cmdm.comodo.net / Comodo ITSM


Hanno Böck

Jan 12, 2018, 10:33:42 AM
to mozilla-dev-s...@lists.mozilla.org
Hi,

Comodo ITSM (IT Service Management Software) runs an HTTPS server on
localhost and port 21185. The domain localhost.cmdm.comodo.net pointed
to localhost.

It is obvious that with this setup the private key is part of the
application and thus compromised. With advanced next generation key
extraction software (strings and grep) I was able to extract the
private key from the software executable.

There exist two certificates that use the same key plus two
precertificates. Only one of the certificates is still valid, the other
is expired. List:
https://crt.sh/?spkisha256=accbb60afe2d28949e21d76f298a2f20c0a24488ad0980ea31b4c0e04b952879

I reported this to Comodo earlier today and the certificate got revoked
very quickly. It was pointed out to me that Comodo ITSM was developed
by Comodo Security Solutions and that Comodo CA played no part in the
development of that software.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
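
The two steps Hanno describes, recovering a PEM key from an executable with strings/grep-style scanning and then finding the certificates for that key via crt.sh's SPKI-hash search, as an added example that is not part of the original thread and not Comodo's code. crt.sh's `?spkisha256=` query keys on the SHA-256 of the DER-encoded SubjectPublicKeyInfo, so the same hash computed from the recovered private key proves which certificates are affected. It assumes a POSIX shell with awk, tr and openssl; the binary and file names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread): pull a PEM private key out
# of a (possibly binary) file, hash its SubjectPublicKeyInfo the way crt.sh
# does for ?spkisha256=, and compare against a certificate's SPKI hash.
# Assumes: POSIX sh, awk, tr, openssl. File names below are placeholders.

# Print every PEM private-key block found in a file. Non-printable bytes are
# turned into newlines first so awk only ever sees text; the range pattern
# then keeps the BEGIN..END lines of each block and drops blank lines that
# stray CR or NUL bytes may have produced.
extract_pem_keys() {
    LC_ALL=C tr -c '[:print:]\n' '\n' < "$1" |
        awk '/^-----BEGIN [A-Z ]*PRIVATE KEY-----/,/^-----END [A-Z ]*PRIVATE KEY-----/ { if (NF) print }'
}

# SHA-256 of the DER SubjectPublicKeyInfo derived from a private key.
# This hex string is what you paste into https://crt.sh/?spkisha256=
spki_sha256_of_key() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER SubjectPublicKeyInfo carried inside a certificate.
spki_sha256_of_cert() {
    openssl x509 -in "$1" -pubkey -noout |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 iff the private key in $1 is the key certified by $2.
key_matches_cert() {
    [ "$(spki_sha256_of_key "$1")" = "$(spki_sha256_of_cert "$2")" ]
}

# Usage (placeholder file names):
#   extract_pem_keys ./agent.exe > recovered.pem
#   spki_sha256_of_key recovered.pem          # look this up on crt.sh
#   key_matches_cert recovered.pem suspect.pem && echo "key is compromised"
```

A match on `key_matches_cert` is the evidence a CA needs to revoke under the key-compromise reason; the SPKI hash also catches every other certificate, including precertificates logged to CT, that was ever issued for the same key, which is how the second (expired) certificate in Hanno's crt.sh listing shows up.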

Rob Stradling

Jan 12, 2018, 10:37:11 AM
to Hanno Böck, mozilla-dev-s...@lists.mozilla.org
Hanno, thanks for reporting this to us earlier today.

Mozilla, please consider adding https://crt.sh/?id=245397620 to OneCRL.
Thanks.

On 12/01/18 15:33, Hanno Böck via dev-security-policy wrote:
> Hi,
>
> Comodo ITSM (IT Service Management Software) runs an HTTPS server on
> localhost and port 21185. The domain localhost.cmdm.comodo.net pointed
> to localhost.
>
> It is obvious that with this setup the private key is part of the
> application and thus compromised. With advanced next generation key
> extraction software (strings and grep) I was able to extract the
> private key from the software executable.
>
> There exist two certificates that use the same key plus two
> precertificates. Only one of the certificates is still valid, the other
> is expired. List:
> https://crt.sh/?spkisha256=accbb60afe2d28949e21d76f298a2f20c0a24488ad0980ea31b4c0e04b952879
>
> I reported this to Comodo earlier today and the certificate got revoked
> very quickly. It was pointed out to me that Comodo ITSM was developed
> by Comodo Security Solutions and that Comodo CA played no part in the
> development of that software.
>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

ku...@seifried.org

Jan 17, 2018, 10:59:40 AM
to mozilla-dev-s...@lists.mozilla.org
Can you request a CVE for this? Thanks.