← Sectigo cases
Bugzilla #1860299 Certificate Misissuance

Sectigo: SMIME issuance with insufficient validation of mailbox authorization or control

RESOLVED FIXED Sectigo
AI Summary

Sectigo identified a misissuance of 114 S/MIME certificates due to insufficient validation of mailbox authorization. The issue was discovered on October 18, 2023, leading to a swift investigation and the release of a patch the same day. Affected certificates were issued between September 1 and October 18, 2023. The root cause was linked to a design oversight in the E-PKI platform's validation mechanism, which failed to invalidate records after a certain period. Sectigo has since completed all action items related to this incident.

Model: gpt-4o-mini Generated: 2026-06-13 20:56 UTC Confidence: 0.90
Chronology
  1. Discovery of misissued certificates and immediate patch development.
  2. Deployment of patch to production and revocation of affected certificates.
  3. Completion of all action items related to the incident.
Participants
Martijn Katerbarg Ben Wilson
External References
Original Bugzilla Case www.ccadb.org
Similar Local Cases
#1915883 RESOLVED Certificate Misissuance Opened 2024-08-30 · Closed 2024-09-26 · 69% similar
Sectigo: Missing data in cabfOrganizationIdentifier
AI Summary CA Owner
#1895722 RESOLVED Certificate Misissuance Opened 2024-05-08 · Closed 2024-06-05 · 66% similar
Sectigo: Incorrect inclusion of DBA name
AI Summary CA Owner
#1782356 RESOLVED Certificate Misissuance Opened 2022-07-30 · Closed 2023-02-22 · 64% similar
Sectigo: Misspelled city name in localityName field
AI Summary CA Owner
#1876775 RESOLVED Certificate Misissuance Opened 2024-01-26 · Closed 2024-03-04 · 60% similar
Sectigo: Wrong usage of LEI records for the issuance of SMIME Certificates
AI Summary CA Owner
#1741026 RESOLVED Certificate Misissuance Opened 2021-11-13 · Closed 2023-02-22 · 59% similar
Sectigo: Incorrect JOI for federal credit unions
AI Summary CA Owner
#1665763 RESOLVED Certificate Misissuance Opened 2020-09-17 · Closed 2023-02-22 · 58% similar
Sectigo: Failure to revoke within 5 days
AI Summary CA Owner
#1747915 RESOLVED Certificate Misissuance Opened 2021-12-29 · Closed 2023-02-22 · 58% similar
Sectigo: Incorrect JOI Country value
AI Summary CA Owner
#1793789 RESOLVED Certificate Misissuance Opened 2022-10-05 · Closed 2023-02-22 · 58% similar
Sectigo: Incorrect JOI
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action