Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
10 other certificates 'were mis-issued and have now been revoked'
2 comments
-
This wasn't some complicated edge-case, it was gross incompetence by SSLcom.
If I was a browser or OS manufacturer I would be revoking their root certificates over this.
-
You would think this would be the first test case