by pfg 3553 days ago
A number of issues can be found here[1]. Among other things, they allowed domain validation on unprivileged ports and issued certificates for "parent" domains when subscribers were able to validate control of a subdomain (i.e. you could get a certificate for github.com by controlling user.github.com).

[1]: https://wiki.mozilla.org/CA:WoSign_Issues
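
The two checks the comment above says were missing, as an added example that is not part of the original comment and not any CA's actual code: a validated name authorises only itself and names beneath it, and the validation must have been served on a privileged port. The function names and the below-1024 definition of a privileged port are assumptions made for this sketch.

```python
from __future__ import annotations

# Added illustration; names and thresholds here are assumptions, not CA code.
PRIVILEGED_PORT_MAX = 1023  # assumption: "unprivileged" means ports >= 1024


def labels(name: str) -> list[str]:
    """Normalise a DNS name to lower-case labels without the trailing dot."""
    return name.rstrip(".").lower().split(".")


def covered_by_validation(requested: str, validated: str) -> bool:
    """True only if `requested` is `validated` itself or a name beneath it.

    Comparison is per label, so control of user.github.com never extends
    upward to github.com, and evilgithub.com does not match github.com.
    """
    req, val = labels(requested), labels(validated)
    if req and req[0] == "*":  # a wildcard is judged by its base name
        req = req[1:]
    if not req or "" in req or "" in val:
        return False
    return len(req) >= len(val) and req[-len(val):] == val


def may_issue(requested: list[str], validated: str, port: int) -> tuple[bool, list[str]]:
    """Return (decision, reasons) for an issuance request."""
    reasons = []
    if not 0 < port <= PRIVILEGED_PORT_MAX:
        reasons.append(f"validation served on unprivileged port {port}")
    for name in requested:
        if not covered_by_validation(name, validated):
            reasons.append(f"{name} is not at or below validated name {validated}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed request mirroring the comment's github.com example.
    print(may_issue(["user.github.com", "github.com"], "user.github.com", 8080))
```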