Thank you for posting that notice.
It's not clear whether the leak impacted issuance. From the link you cited:
------------------------------------------------------------------------
*** Other documents appeared to be Comodo vulnerability reports. ***
Ursem’s cursory review of the data did not turn up any customer
certificates private keys, however.
------------------------------------------------------------------------
(emphasis added). If "Comodo vulnerability reports" means unfixed
security bugs reported to or known by Comodo, there could be continuing
exposure to hacking, possibly affecting issuance.
-R
On 7/27/2019 3:06 PM, Ángel via dev-security-policy wrote:
A set of credentials mistakenly exposed in a public GitHub repository
owned by a Comodo software developer allowed access to internal Comodo
documents stored in OneDrive and SharePoint:
https://techcrunch.com/2019/07/27/comodo-password-access-data/
It doesn't seem that it affected the certificate issuance system, but
it's an ugly security incident nevertheless.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
