Symantec tricked into removing legit certificates by security researcher

Embattled TLS certificate provider Symantec has been caught incorrectly revoking certificates on the basis of forged private keys, security researcher Hanno Böck has shown. According to a blog post written by Böck, he registered a pair of domains and received free TLS certificates for them from Symantec and Comodo. He then created a set of fake private keys for the domains, uploaded them to Pastebin, and sent them to the appropriate certificate provider along with a request to revoke the certificate because its private key was publicly viewable.

Read full news article on ZDNet

 

