Friday, January 15, 17:15

Let's Encrypt revokes 3 million certificates due to an error

The Let's Encrypt project is about to revoke more than 3 million TLS certificates because of an error discovered in its backend code.

The bug was discovered in Boulder, the Let's Encrypt server software used to verify users and their domains before issuing a TLS certificate.

More specifically, it affects the implementation of the CAA (Certification Authority Authorization) standard within Boulder. CAA is a security standard by which domain owners can prevent Certification Authorities (CAs) from issuing certificates for their domains.

All Certification Authorities - such as Let's Encrypt - must abide by the CAA standard, or face severe penalties from browser manufacturers.
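
How a CA decides whether CAA permits issuance, as an added example that is not Boulder's code and not part of the original article: it follows the RFC 8659 lookup over a constructed in-memory zone. The domains, records and function names are assumptions made for illustration.

```python
# Added example: CAA evaluation per RFC 8659 over a constructed zone.
# name -> list of (flags, tag, value) CAA records; all sample data is made up.
ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "shop.example.com": [(0, "issue", "ca.example.net; account=1234")],
    "example.org": [(128, "futuretag", "x")],  # unknown tag marked critical
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(domain, zone):
    """Climb from the name towards the root; the first non-empty CAA set wins."""
    labels = domain.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]  # a wildcard request is looked up at its parent name
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(domain, ca_id, zone=ZONE):
    """Return True if the CA identified by ca_id may issue for domain."""
    rrset = relevant_rrset(domain, zone)
    if not rrset:
        return True  # no CAA records on the name or any parent: unrestricted
    # A critical property (flag bit 128) the CA does not understand blocks issuance.
    if any(f & 128 and t.lower() not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    values = issuewild if domain.startswith("*.") and issuewild else issue
    if not values:
        return True  # the set holds no applicable issue property
    # The CA identifier is the part before any ";" parameters; ";" alone allows nobody.
    allowed = {v.split(";", 1)[0].strip().lower() for v in values}
    return ca_id.lower() in allowed

if __name__ == "__main__":
    for name in ("www.example.com", "*.example.com", "shop.example.com"):
        print(name, ca_may_issue(name, "letsencrypt.org"))
```

A CA has to run this decision for every name in a certificate request, and a single name that fails the check must stop issuance for the whole certificate.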

However, on Saturday, February 29, Let's Encrypt revealed in a forum post that a bug caused Boulder to ignore the CAA standard.

The Let's Encrypt team fixed the error on Saturday, after two hours of work, and Boulder now verifies the CAA fields before issuing new certificates. It is very unlikely that anyone took advantage of this error, the team said.

However, Let's Encrypt has announced that today it is revoking all certificates issued without appropriate CAA checks, in accordance with industry rules, as dictated by the CA/B Forum.

Only 3 million of the 116 million certificates were revoked

According to Let's Encrypt, only 2.6% of certificates are affected by this error, representing 3,048,289 certificates.

Of those 3 million, one million are duplicates for the same domain/subdomain, which puts the actual number of certificates affected at approximately 2 million.

After revocation, all affected certificates will cause errors in browsers and other applications, so domain owners will need to request a new TLS certificate to replace the old one.

If you want to check which certificates were affected by the error, you can see the list of TLS certificate serial numbers on this page. Alternatively, you can visit the following site.

Absent Mia