← Start Commercial (StartCom) Ltd. cases
Bugzilla #499178 · Certificate Problem Report
Clarification requested regarding remediation of StartCom certificate issuance vulnerability
Start Commercial (StartCom) Ltd. · RESOLVED
AI Summary
This case addresses a vulnerability in StartCom's certificate issuance system that allowed users to request certificates for any domain. The discussion revolves around the remediation steps taken by StartCom and the verification of previously issued certificates. The case was resolved with the conclusion that StartCom had appropriate measures in place and that no invalid certificates were found post-incident.
Chronology
- Initial report of vulnerability and request for clarification
- Case marked as resolved
Participants
Sam Johnston
Kathleen Wilson
Eddy Nigg
External References
Similar Local Cases
StartCom: IV without localityName or stateOrProvinceName
StartCom: public exponent is 1
StartCom: OCSP responder often returns "unknown" for recently-issued certificates
StartCom cert not working in Firefox 4 beta
Camerfirma: Startcom are issuing by proxy using Camerfirma
EV SSL certificate (and OCSP response) for www.camerfirma.com fails to meet EV Guidelines
StartCom: duplicate serial numbers
DigiCert / CTJ: Metadata in OU fields, Reserved IP Address