← e-tugra cases
Bugzilla #1801345
Certificate Problem Report
E-Tugra: Incident Report (Security Issues)
RESOLVED
FIXED
e-tugra
AI Summary
E-Tugra reported a security incident involving unauthorized access to an internal application that was mistakenly made publicly accessible. The incident was identified on November 13, 2022, and involved the potential exposure of sensitive information, including password reset emails. E-Tugra took immediate action to secure the application and conducted a thorough investigation, confirming that no certificates were affected and that domain validation processes were managed by SSL.com. The company has since implemented remediation measures and is undergoing penetration testing to enhance security. The incident raised concerns about the separation of systems and the potential for unauthorized access to customer accounts.
Chronology
- Incident identified by security researcher.
- Incident report published on Bugzilla.
- Penetration testing initiated.
- Penetration testing completed.
Participants
ahmed@e-tugra.com.tr
ian@ian.sh
ryandickson@google.com
bwilson@mozilla.com
cclements@google.com
External References
Similar Local Cases
CFCA: The wrong status of OCSP
Buypass: Domain validation method using externally operated DNS tools
Telia: Issued three precertificates with non-NIST EC curve
IdenTrust: TLS Certificates with outdated certificate profile
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
E-Tugra: Validity period > 825 days
E-Tugra: Insufficient serial number entropy
Telia: Invalid email contact address was used for few domains