PRWeb The Leader Press Release Distribution
See How PRWeb Works

We're here to help 1-866-640-6397

Login Create Free Account

Why PRWeb Customer Examples Pricing Tools & Tips

All Press Releases for June 25, 2003 Subscribe to this News Feed    
 

Comodo discovers security vulnerability in competitors SSL Certificates

Unique serial numbers duplicated across multiple certificates Bradford UK, 23rd June 2003. Comodo, the internet security specialists, has today announced the results of a 9 month investigation into the security of SSL Certificates issued by some certification authorities. The investigation has found that some certificates have a vulnerability which could cause security issues as well as breaking X.509 and RFC specifications.

The investigation, carried out by Comodo Research Labs security experts, has identified that some of the SSL Certificates issued by Thawte have the same serial number duplicated across multiple certificates for unrelated domains. X.509 specifications state (03/2000) that The value of serialNumber shall be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate)." whilst RFC 3280 section 4.1.2.2 states The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate)."

Robin Alden, Head of Server Solutions, Comodo Research Labs said, Every Comodo certificate adheres to processes which would not allow this vulnerability to happen and we were surprised to come across instances of this from other CAs during our investigation."

Commenting on these findings, Melih Abdulhayoglu, Chief Security Architect, Comodo Group said At Comodo we are always striving to best serve both our customers and the online community as a whole. We will be happy to pass our findings onto Thawte so that they can take the necessary remedial action to their certificate generation procedures."

Comodo offers the InstantSSL range of certificates which uniquely balances low costs, full two-step validation, 128 bit encryption and 99.3% browser compatibility with fast issuance, expert customer support and a number of partner-to-Comodo interface methods to establish a clear position in the security market. Over 1000 industry-leading companies have partnered with Comodo since the launch of InstantSSL in March 2002.

About Comodo:
Comodo (www.comodogroup.com) is a leading Internet security specialist and provides next generation E-commerce Security Solutions. Through a growing range of products, services and applications developed by its dedicated research lab, Comodo provides software, hardware, secure messaging and certificate based security.

After its first year of issuing SSL Certificates, Comodo has quickly become the 2nd largest Certification Authority in the world. For product information please contact US (720) 904-9120 or Europe +44 (0) 1622 832 700 or visit the Comodo Home Page at www.comodogroup.com.

OPTIONS
Printer Friendly Version
Email this story to a colleague
CONTACT INFORMATION
James Turner
Comodo Group
Email us Here
ATTACHED FILES

There are no multimedia files attached to this release. If this is your release, you may add images or other multimedia files through your PRWeb News Management Console.
ABOUT PRESS RELEASES
If you have any questions regarding information in these press releases please contact the company listed in the press release. Please do not contact PRWeb. We will be unable to assist you with your inquiry. PRWeb disclaims any content contained in these release. Our complete disclaimer appears here.
 

© Copyright 1997-2009, Vocus PRW Holdings, LLC.
Vocus, PRWeb and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

About PRWeb | News about PRWeb | Contact Us | Terms of Service | Privacy Policy | Copyright