Bugzilla #1414039
Certificate Misissuance
Let's Encrypt: Attacker-controlled google.tg certificate being used in the wild.
RESOLVED
Internet Security Research Group
AI Summary
A certificate for google.tg was issued by Let's Encrypt following a compromise of the .tg registry. This certificate was found to be in use, prompting immediate action to block its acceptance in browsers. The incident raised concerns about the security of the registry and the potential for phishing attacks. Measures were taken to revoke the certificate and prevent further issuance to .tg domains.
Chronology
- Certificate for google.tg identified as compromised.
- Entry added to OneCRL for the compromised certificate.
- Registry confirmed resolution of the compromise.
Participants
Kathleen Wilson
Dana Keeler
Adam Langley
Gervase Markham
J.C. Jones
Similar Local Cases
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist
Let's Encrypt: CAA Misissuances
WoSign issued SHA-1 SSL certs and backdated the issuance date on SSL certificates
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
SHA-1 issuance by Visa root
SHA-1 issuance by DocuSign root
DigiCert / Inteso San Paulo: Double dot characters
SHA-1 issuance by DigiCert roots