As Daniel noted, this is considered a key compromise event, and a violation of the subscriber agreement that all CAs are required to adhere to, with respect to the protection of the private key.
The issuing CA is obligated to revoke this certificate within 24 hours of being made aware of this. Thank you for bringing it to the community's attention.

On Sun, Jun 18, 2017 at 12:29 PM Daniel Cater via dev-security-policy <[email protected]> wrote:
> This is now on crt.sh here:
> https://crt.sh/?id=156475584&opt=cablint,x509lint
>
> This is indeed a key compromise event, thanks for the level of detail provided.
>
> An attacker in control of a network could use this to impersonate https://drmlocal.cisco.com/ and leverage that to potentially steal a user's secure cookies from other Cisco subdomains if they were scoped to the whole cisco.com domain.
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy
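Daniel's point about cookies scoped to the whole cisco.com domain, worked through as an added example that is not part of the thread: RFC 6265 domain matching decides which cookies a browser attaches to a request, so a cookie set by www.cisco.com with `Domain=cisco.com` is also sent to drmlocal.cisco.com (and to anyone holding a valid certificate for it), while a host-only cookie is not. The cookie jar and hostnames below are constructed for illustration.

```python
from dataclasses import dataclass
import ipaddress


@dataclass
class Cookie:
    name: str
    domain: str      # effective domain, lowercase, no leading dot
    host_only: bool  # True when Set-Cookie carried no Domain attribute
    secure: bool


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: exact match, or host is a subdomain of a non-IP cookie domain."""
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().strip(".")
    return host == dom or (host.endswith("." + dom) and not _is_ip(host))


def parse_set_cookie(header: str, setting_host: str) -> Cookie:
    """Minimal Set-Cookie parser: name, Domain and Secure only (other attributes ignored)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in parts[1:])}
    secure = "secure" in attrs
    if "domain" in attrs:  # domain cookie: reaches every subdomain of the Domain value
        return Cookie(name, attrs["domain"].lower().lstrip("."), False, secure)
    return Cookie(name, setting_host.lower(), True, secure)  # host-only cookie


def cookies_sent_to(jar, request_host: str, https: bool = True):
    """Names of cookies a browser would attach to a request for request_host (RFC 6265 5.4)."""
    host = request_host.lower()
    sent = []
    for c in jar:
        if c.host_only and host != c.domain:
            continue
        if not c.host_only and not domain_matches(host, c.domain):
            continue
        if c.secure and not https:
            continue
        sent.append(c.name)
    return sent


# Constructed jar: three cookies set by www.cisco.com with different scopes.
JAR = [
    parse_set_cookie("sso=abc; Domain=cisco.com; Secure", "www.cisco.com"),
    parse_set_cookie("sess=def; Secure", "www.cisco.com"),
    parse_set_cookie("__Host-csrf=ghi; Secure; Path=/", "www.cisco.com"),
]
```

Only the `Domain=cisco.com` cookie reaches drmlocal.cisco.com; scoping session cookies host-only (or with the `__Host-` prefix) limits what a compromised subdomain certificate exposes.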

