Not the vulnerabilities mentioned in this thread, but a weak Human-Audit process. For details, you can see the reply content I sent to Mr. Wang.

On Saturday, August 27, 2016 at 4:24:44 AM UTC+8, Jonathan Rudenberg wrote:
> Here’s the crt.sh link for this certificate: https://crt.sh/?id=29884704
>
> Can you provide more details about where this certificate came from? Did you
> issue it using one of the vulnerabilities discussed in this thread?
>
>
> On Aug 26, 2016, at 01:12, 233sec Team <[email protected]> wrote:
> >
> > Wosign's issuance mechanism is high risk for large enterprises.
> > This is one proof:
> >
> > https://gist.github.com/xiaohuilam/8589f2dfaac435bae4bf8dfe0984f69e
> >
> > Alicdn.com is the CDN asset domain name of Taobao/Tmall, which belong to
> > Alibaba, which are China's biggest online shopping websites.
> > With the fake cert's middle man attack, password stealing, information
> > leaking...
> > _______________________________________________
> > dev-security-policy mailing list
> > [email protected]
> > https://lists.mozilla.org/listinfo/dev-security-policy

