Hanno, thanks for reporting this to us earlier today.
Mozilla, please consider adding https://crt.sh/?id=245397620 to OneCRL. Thanks.
On 12/01/18 15:33, Hanno Böck via dev-security-policy wrote:
Hi, Comodo ITSM (IT Service Management Software) runs an HTTPS server on localhost and port 21185. The domain localhost.cmdm.comodo.net pointed to localhost. It is obvious that with this setup the private key is part of the application and thus compromised. With advanced next generation key extraction software (strings and grep) I was able to extract the private key from the software executable. There exist two certificates that use the same key plus two precertificates. Only one of the certificates is still valid, the other is expired. List: https://crt.sh/?spkisha256=accbb60afe2d28949e21d76f298a2f20c0a24488ad0980ea31b4c0e04b952879 I reported this to Comodo earlier today and the certificate got revoked very quickly. It was pointed out to me that Comodo ITSM was developed by Comodo Security Solutions and that Comodo CA played no part in the development of that software.
-- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy