Attackers abused a bug in SSL.com to authorize fake certificates




“SSL.com acknowledges this bug report and we are investigating further,” Rebecca Kelly, technical challenge supervisor at SSL.com, commented on the demonstration, quickly following with, “Out of an abundance of caution, we have disabled domain validation method 3.2.2.4.14 that was used in the bug report for all SSL/TLS certificates while we investigate.”

In a preliminary incident report attached in the comment section of the demonstration, it was revealed that a total of 10 certificates were mis-issued by SSL.com using the faulty method and were subsequently revoked. These improperly issued certificates, except one, were found to be non-fraudulent mis-issuances upon investigation, Kelly added.

While CSO awaits a response from SSL.com on the status of the one mis-issued certificate still not in the clear, major websites, including email and cloud providers, are advised to cross-check the entire list of mis-issued certificates to be extra vigilant.