55 matches found
Endless Group: Lets Encrypt Certificates affected by CAA Rechecking Incident
Summary: Lets encrypt released a statement regarding 3 million certificates being revoked due to a issue in the CA signing process, Looking at your subdomains it appears that you are affected by this incident. When the revoking occurs the certificates the certificates are no longer valid. This ma...
Identifying Let’s Encrypt Revoked Certificates
Let's Encrypt is a free, automated, open certificate authority CA run for the public's benefit as a service from the Internet Security Research Group ISRG. It provides free digital certificates to enable HTTPS SSL/TLS for websites via user-friendly means. Earlier this week, Let's Encrypt announce...
Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates
Let’s Encrypt said it will give users of its Transport Layer Security TLS certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization CAA bug before it revokes them. The popular free certificate authority had giv...
Let's Encrypt Vulnerability
The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...
Let's Encrypt to Revoke Millions of TLS Certs
UPDATE Popular free certificate authority Let’s Encrypt said it will revoke 3 million Transport Layer Security TLS certificates Wednesday, because of a Certificate Authority Authorization CAA bug. The move could mean that millions of websites and machine identities that rely on those certificates...
ASSURE Aviation Cyber Security Testing
We've long been supporters and champions of a formalised approach to Aviation Cyber Security Testing. Our research and blogging has taken us on an interesting journey regarding airside and landside security, mapping attack surfaces and explaining how systems work and interact. Speaking and...
php: memcpy with negative length via crafted DNS response
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...
Design/Logic Flaw
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling SEC-439...
CVE-2018-20892
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling SEC-439...
CVE-2018-20892
CVE-2018-20892 affects cPanel prior to 74.0.0, where incorrect handling of CAA records allows arbitrary zone file modifications. Root cause: CAA handling flaw in the affected component. Impact per sources is modification of DNS zone data. No exploitation details or patches are specified in the pr...
HackerOne: Missing Certificate Authority Authorization rule
Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA o...
caa.co.za XSS vulnerability
Vulnerable URL: http://www.caa.co.za/examinations%20forms/forms/allitems.aspx?FollowSite=0=%27-confirm%27OPENBUGBOUNTY%27-%27 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 20.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 279861...
caa-ahm.org XSS vulnerability
Vulnerable URL: http://www.caa-ahm.org/login.php?url=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2551905 VIP website status:| No Check caa-ahm.org SSL connection:| Grade: A...
OracleVM 3.3 / 3.4 : bind (OVMSA-2016-0136)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2016-2776 - Updated named.ca hints file to the latest version 1267991 - Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used 1227189 - Added the fixed tarball wit...
HackerOne: Missing Certificate Authority Authorization rule
Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA o...