Hacker News
by WirelessGigabit, 1109 days ago
This means that acme.sh has an RCE. Once the patch is in I'm rotating all my certs, even though I use ZeroSSL.
I do wonder if what HiCA did gave possibilities to post the private key somewhere else?
1 comments
mholt, 1109 days ago
If the executed script transmits the key, then yes. (But the script we observed does not.)