Re: Compromised certificate for localhost.cmdm.comodo.net / Comodo ITSM

2018-01-17 Thread kurt--- via dev-security-policy
On Friday, January 12, 2018 at 8:33:42 AM UTC-7, Hanno Böck wrote: > Hi, > > Comodo ITSM (IT Service Management Software) runs an HTTPS server on > localhost and port 21185. The domain localhost.cmdm.comodo.net pointed > to localhost. > > It is obvious that with this setup the private key is

Re: Compromised certificate for localhost.cmdm.comodo.net / Comodo ITSM

2018-01-12 Thread Rob Stradling via dev-security-policy
Hanno, thanks for reporting this to us earlier today. Mozilla, please consider adding https://crt.sh/?id=245397620 to OneCRL. Thanks. On 12/01/18 15:33, Hanno Böck via dev-security-policy wrote: Hi, Comodo ITSM (IT Service Management Software) runs an HTTPS server on localhost and port

Compromised certificate for localhost.cmdm.comodo.net / Comodo ITSM

2018-01-12 Thread Hanno Böck via dev-security-policy
Hi, Comodo ITSM (IT Service Management Software) runs an HTTPS server on localhost and port 21185. The domain localhost.cmdm.comodo.net pointed to localhost. It is obvious that with this setup the private key is part of the application and thus compromised. With advanced next generation key