StartEncrypt contains design and implementation flaws

Discussion in 'other security issues & news' started by itman, Jul 5, 2016.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    http://news.softpedia.com/news/flaw...-ssl-certificates-for-any-domain-505977.shtml

    StartEncrypt contains design and implementation flaws

    According to CompuTest, this validation process is flawed, and through a few tricks, it allows server owners to receive SSL certificates issued for other domains, such as Facebook, Google, Dropbox, etc., which can be sold on the black market or used in man-in-the-middle attacks.
     
Loading...