Buggy Domain Validation Forces GoDaddy To Revoke SSL Certificates

msm1267 quotes a report from Threatpost: GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that date through yesterday, said vice president and general manager of security products Wayne Thayer. “GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process,” Thayer said in a statement. “The bug caused the domain validation process to fail in certain circumstances.” GoDaddy said it was not aware of any compromises related to the bug. The issue did expose sites running SSL certs from GoDaddy to spoofing where a hacker could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials. GoDaddy has already submitted new certificate requests for affected customers. Customers will need to take action and log in to their accounts and initiate the certificate process in the SSL Panel, Thayer said.

Read more of this story at Slashdot.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.