“SSL.com acknowledges this bug report and we’re investigating further,” Rebecca Kelly, technical project manager at SSL.com, commented on the demonstration, shortly following with, “Out of an abundance of caution, we have disabled domain validation method 3.2.2.4.14 that was used in the bug report for all SSL/TLS certificates while we investigate.”
In a preliminary incident report linked in the comment section of the demonstration, it was revealed that a total of 10 certificates were mis-issued by SSL.com using the faulty method and were consequently revoked. These improperly issued certificates, except for one, were found to be non-fraudulent mis-issuance upon investigation, Kelly added.
While CSO awaits a response from SSL.com on the status of the one mis-issued certificate still not in the clear, major websites, including email and cloud providers, are advised to cross-check the entire list of mis-issued certificates to be extra vigilant.