|
|
|
|
|
|
by james-revisoai
1155 days ago
|
|
|
Yes that's true, but I was just talking about the scenario of having access to port 80 of a server DNS pointed at by some domain. You might have access through editing a proxy rewrite rule, for example. In the attack above you use your own SSL provider for a cert (LE not involved) and you overwrite the cert in a sense that existed before. You choose a provider that just validates with a file location. It's an attack which already requires compromise. |
|
|