CyberSecurity news
@securityonline.info
A critical vulnerability in SSL.com's domain validation system has been exploited, leading to the unauthorized issuance of digital certificates for several domains. The flaw, discovered by a security researcher known as "Sec Reporter," allowed attackers to obtain certificates for domains they did not legitimately control. This poses a significant threat, as these fraudulently obtained certificates could be used for malicious purposes, such as creating convincing phishing sites or decrypting HTTPS traffic. SSL.com has taken action by revoking 11 wrongly issued certificates, including one for Alibaba Cloud's aliyun.com.
The vulnerability lies within SSL.com's "Email to DNS TXT Contact" method of domain validation. This method allows users to verify control of a domain by creating a DNS TXT record with a contact email address. SSL.com then sends a verification code to that email address. However, due to a flawed implementation, SSL.com incorrectly treated the domain part of the contact email as a verified domain. For example, if someone used myusername@aliyun.com as the contact email for a test domain, SSL.com would incorrectly consider them authorized to request certificates for aliyun.com itself. This simple oversight allowed attackers to bypass domain control validation.
SSL.com has pledged to release a detailed incident report by May. In the meantime, the affected domain control validation (DCV) method has been disabled pending a full fix. Other certificates that were wrongly issued through this mechanism, including those for *.medinet.ca (Canadian healthcare software), help.gurusoft.com.sg (Singapore tech support), banners.betvictor.com (BetVictor gambling site), production-boomi.3day.com (window blinds manufacturer), kisales.com and medc.kisales.com, have been revoked.
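The validation decision described above can be modelled in a few lines, with the flawed scoping beside the corrected one and an audit a CA or relying party could run over issuance records. This is an added example, not SSL.com's code; the function names, the record fields and the sample log (including `dcv-test.example`, `shop.example` and `mailhost.example`) are constructed, and the rule that a validated domain also covers its subdomains is an assumption of the sketch.

```python
# Added example: models the DCV scoping decision the article describes.
# All names and sample records are constructed; this is not SSL.com's code.

def email_domain(contact_email):
    """Domain part of the contact mailbox published in the TXT record."""
    return contact_email.rsplit("@", 1)[1].lower()

def flawed_validated(txt_domain, contact_email):
    # Flaw as reported: the mailbox's domain is also marked as verified.
    return {txt_domain.lower(), email_domain(contact_email)}

def correct_validated(txt_domain, contact_email):
    # Only the domain that published the TXT record has shown DNS control;
    # the mailbox is merely where the verification code was delivered.
    return {txt_domain.lower()}

def covered(name, validated):
    # Assumption: a validated domain also covers its subdomains and wildcards.
    name = name.lower()
    if name.startswith("*."):
        name = name[2:]
    # The "." prefix stops look-alike suffixes such as notshop.example.
    return any(name == d or name.endswith("." + d) for d in validated)

def audit(issuance_log):
    """Defender's check: issued names outside the TXT-record domain's scope."""
    return [r["issued_for"] for r in issuance_log
            if not covered(r["issued_for"],
                           correct_validated(r["txt_domain"], r["contact"]))]

# Constructed issuance records: where the TXT record lived, the contact
# mailbox that confirmed the code, and the name placed in the certificate.
SAMPLE_LOG = [
    {"txt_domain": "dcv-test.example", "contact": "myusername@aliyun.com",
     "issued_for": "aliyun.com"},
    {"txt_domain": "shop.example", "contact": "admin@mailhost.example",
     "issued_for": "www.shop.example"},
    {"txt_domain": "shop.example", "contact": "admin@mailhost.example",
     "issued_for": "*.shop.example"},
    {"txt_domain": "dcv-test.example", "contact": "ops@mailhost.example",
     "issued_for": "*.mailhost.example"},
]

if __name__ == "__main__":
    for name in audit(SAMPLE_LOG):
        print("issued outside validated scope:", name)
```
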
References:
- The Register - Security: Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
- Cyber Security News: Hacker Exploits SSL.com Domain Validation to Illegitimately Obtain Certificate for Alibaba Cloud Domain
- ciso2ciso.com: Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps – Source: go.theregister.com
- cyberpress.org: Hacker Exploits SSL.com Domain Validation to Illegitimately Obtain Certificate for Alibaba Cloud Domain
- hackread.com: An SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in…
- securityonline.info: SSL.com Discloses Mis-issuance of Digital Certificates Due to DCV Flaw
- bugzilla.mozilla.org: 1961406 - SSL.com: DCV bypass and issue fake certificates for any MX hostname
Classification:
- HashTags: #DomainValidation #Bug #DigitalCertificate
- Company: SSL.com
- Target: SSL Users
- Product: SSL Certificates
- Feature: domain validation
- Type: Bug
- Severity: Medium