← DarkMatter LLC cases
Bugzilla #1645708
Certificate Problem Report
QuoVadis: EV serialNumber with "none"
RESOLVED
FIXED
DarkMatter LLC
AI Summary
QuoVadis issued an EV certificate with 'none' in the serialNumber field, which was reported by a security researcher. The certificate was revoked shortly after its issuance, but it was noted that the issue stemmed from incomplete remediation of a previous bug. The certificate had been replaced prior to the report, but the incident highlighted ongoing compliance issues. QuoVadis has since integrated its validation operations with DigiCert to enhance compliance processes and prevent similar issues in the future.
Chronology
- QuoVadis received notification from a security researcher.
- QuoVadis acknowledged receipt to the researcher.
- QuoVadis revoked the certificate.
- QuoVadis requested closure of the bug.
Participants
Stephen Davidson
Ryan Sleevi
Paul Steinberg
Jeremy Rowley
George Fozzie
External References
Similar Local Cases
QuoVadis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy or the BRs
QuoVadis: Incorrect EV jurisdiction of incorporation information
QuoVadis: Failure to provide a preliminary report within 24 hours.
QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17)
QuoVadis: Failure to revoke certificates with compromised private keys
QuoVadis: failure to reply to CPR in a timely manner
QuoVadis: BR Error - san dns name starts with period
QuoVadis: N/A in EV serialNumber field