Closed Bug 1430163 Opened 8 years ago Closed 7 years ago

New CCADB Entry for localhost.cmdm.comodo.net

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: wthayer, Assigned: jcj)

References

Details

Please add the following certificate to OneCRL: https://crt.sh/?id=245397620 Hanno Bock reported (and Rob Stradling confirmed) that the private key is compromised: Comodo ITSM (IT Service Management Software) runs an HTTPS server on localhost and port 21185. The domain localhost.cmdm.comodo.net pointed to localhost. It is obvious that with this setup the private key is part of the application and thus compromised. With advanced next generation key extraction software (strings and grep) I was able to extract the private key from the software executable. There exist two certificates that use the same key plus two precertificates. Only one of the certificates is still valid, the other is expired. List: https://crt.sh/?spkisha256=accbb60afe2d28949e21d76f298a2f20c0a24488ad0980ea31b4c0e04b952879 I reported this to Comodo earlier today and the certificate got revoked very quickly. It was pointed out to me that Comodo ITSM was developed by Comodo Security Solutions and that Comodo CA played no part in the development of that software.
Assignee: nobody → jjones
See Also: → 1430172
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.