10 matches found
Smallstep step-ca Input Validation Error Vulnerability
Smallstep step-ca is an online certificate authority for DevOps security and automated certificate management provided by the Smallstep company in the United States. Versions of Smallstep step-ca prior to 0.30.0-rc3 contained a vulnerability related to input validation errors. This vulnerability...
Authorization Bypass
github.com/smallstep/certificates is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of protocol authorization checks, which allows an attacker to bypass validation steps and obtain certificates without proper authorization...
GO-2026-4775 step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) in github.com/smallstep/certificates
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq MessageType=18 in github.com/smallstep/certificates...
Improper Authentication
github.com/smallstep/certificates is vulnerable to improper authentication. The vulnerability is due to missing safeguards against unauthenticated certificate issuance through the SCEP UpdateReq, which allows an attacker to obtain certificates without authentication...
Smallstep step-ca Trust Management Issue Vulnerability
Smallstep step-ca is an online certificate authority for DevOps security and automated certificate management provided by the Smallstep company. Versions of Smallstep step-ca prior to 0.30.0-rc6 contain vulnerabilities related to trust management. These vulnerabilities stem from the lack of...
Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party...
Smallstep step-ca Security Vulnerability
Smallstep step-ca is an online certificate authority for secure, automated certificate management for DevOps from Smallstep USA. A security vulnerability exists in Smallstep step-ca that stems from an authorization check being bypassed, which could result in the creation of a certificate without...
GO-2025-4181 step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates
step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates...
Smallstep step-ca Security Vulnerability
Smallstep step-ca is an online certificate authority for secure, automated certificate management for DevOps from Smallstep USA. A security vulnerability exists in Smallstep step-ca versions prior to 0.29.0 that stems from improper SSH certificate revocation authorization checking, which could le...
I’m Now a Full-Time Professional Open Source Maintainer
or, "Holy shit, it works!" Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats (Go cryptography, transparency tooling, age, mkcert, yubikey-agent…), iterated on the model since September, and ...