Hi, Comodo ITSM (IT Service Management Software) runs an HTTPS server on localhost and port 21185. The domain localhost.cmdm.comodo.net pointed to localhost.
It is obvious that with this setup the private key is part of the application and thus compromised. With advanced next generation key extraction software (strings and grep) I was able to extract the private key from the software executable. There exist two certificates that use the same key plus two precertificates. Only one of the certificates is still valid, the other is expired. List: https://crt.sh/?spkisha256=accbb60afe2d28949e21d76f298a2f20c0a24488ad0980ea31b4c0e04b952879 I reported this to Comodo earlier today and the certificate got revoked very quickly. It was pointed out to me that Comodo ITSM was developed by Comodo Security Solutions and that Comodo CA played no part in the development of that software. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
