Bugzilla #1540961
Certificate Problem Report
Atos: Insufficient Serial Number Entropy
RESOLVED
FIXED
Eviden
AI Summary
Atos identified an issue with insufficient entropy in the serial numbers of certificates issued from their Trusted Root CAs. The problem was discovered during a self-compliance check prompted by discussions in the Mozilla security policy community. Affected certificates had serial numbers carrying only 63 bits of entropy due to a misconfiguration, weakening the protection that unpredictable serial numbers are meant to provide. Atos has since upgraded their systems and ceased issuing certificates with the problem, implementing a plan to revoke affected certificates by June 30, 2019. The incident has led to improvements in their compliance processes.
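The following is an added illustration, not code from Atos or from this report. It assumes the 63-bit defect arose from a generator that forced the top bit of a 64-bit value to zero to keep the serial positive (a common cause; the report above does not state the exact cause), shows the correct fix (keep all 64 bits and handle the sign in the DER encoding instead), and includes a sample-based audit that bounds the entropy of a CA's issued serials.

```python
import secrets

SERIAL_ENTROPY_BITS = 64  # minimum CSPRNG output required by the Baseline Requirements

def flawed_serial() -> int:
    """Assumed reproduction of the 63-bit defect: 64 random bits, but the top bit
    is cleared so the raw value can never read as negative. Only 63 bits vary."""
    return secrets.randbits(64) & ~(1 << 63)

def compliant_serial() -> int:
    """Full 64 bits of CSPRNG output; positivity is handled by der_serial()."""
    return secrets.randbits(64)

def der_serial(serial: int) -> bytes:
    """Encode a positive serial as a DER INTEGER (X.690). When the first content
    byte has its high bit set, a leading 0x00 octet is prepended so the value
    stays positive; no randomness is discarded."""
    if serial <= 0:
        raise ValueError("serial must be a positive integer")
    body = serial.to_bytes((serial.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    if len(body) > 20:
        raise ValueError("serial exceeds the 20-octet limit")
    return b"\x02" + bytes([len(body)]) + body

def observed_entropy_bits(serials, width: int = 64) -> int:
    """Upper bound on serial entropy from an issued-certificate sample: a bit
    position that never changes across the sample cannot carry entropy. A result
    below SERIAL_ENTROPY_BITS on a large sample is a compliance red flag."""
    mask = (1 << width) - 1
    seen_one = 0
    seen_zero = 0
    for s in serials:
        seen_one |= s & mask
        seen_zero |= (~s) & mask
    return bin(seen_one & seen_zero).count("1")

def audit(generator, sample_size: int = 2000) -> bool:
    """Constructed audit: draw serials from a generator and check the bound."""
    sample = [generator() for _ in range(sample_size)]
    return observed_entropy_bits(sample) >= SERIAL_ENTROPY_BITS
```

Run against real data by feeding `observed_entropy_bits()` the integer serials pulled from a CA's issued certificates (for example from CT logs) rather than from a generator.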
Chronology
- Atos TC performed self-assessment on issued certificates.
- Atos TC informed certificate holders about renewal process.
- Revocation of all affected server certificates planned.
- All affected CA certificates and server certificates revoked.
Participants
u636358@disabled.tld
jcristau@mozilla.com
ryan.sleevi@gmail.com
thomas.2.schwieters@atos.net
wthayer@fastly.com
Similar Local Cases
Firmaprofesional: AC Firmaprofesional - INFRAESTRUCTURA insufficient serial number entropy
GDCA: Insufficient Serial Number Entropy
Camerfirma: Multicert SSL CA 001: Insufficient serial number entropy
SSL.com: Precertificates without corresponding certificates return OCSP value of "Unknown"
GlobalSign: SPKI lacks explicit NULL parameter
GlobalSign: OCSP Responder Returns invalid values for Some Precertificates
GlobalSign: SSL Certificates with US country code and invalid State/Prov