Bugzilla #1433118
Certificate Problem Report
Asseco DS / Certum: certificate issued by Certum with compromised private key not revoked (windows10.microdone.cn)
RESOLVED
FIXED
Asseco Data Systems S.A.
AI Summary
A certificate issued by Certum for the domain windows10.microdone.cn was reported as compromised due to the private key being embedded in software. The report was initially ignored, leading to concerns about the responsiveness of Certum. After further escalation, the certificate was revoked. The issue was attributed to an incorrect contact email on Certum's website, which caused the initial report to be misdirected.
Chronology
- Initial report of compromised certificate submitted.
- Certum representative added to the bug.
- Certificate revoked after escalation.
- Investigation revealed incorrect contact email caused initial report to be overlooked.
Participants
Hanno Boeck
Wayne Thayer
Arkadiusz Ławniczak
Kathleen Wilson
Similar Local Cases
DigiCert: localbattle.net certificate with private key in software / issued by Digicert
Asseco DS / Certum: Unallowed key usage for EC public key (Key Encipherment)
Asseco DS / Certum: inconsistent disclosure of externally-operated intermediate
Asseco DS / Certum: Corrupted certificates
Microsoft DSRE PKI: Microsoft shares wildcard certificates among cloud instances
CCADB: Bogus CAA info by D-Trust
Add revoked certificate Certification Authority of WoSign G2 issued by Certum CA root to OneCRL
SECOM: Non-BR-Compliant OCSP Responders