The OP is explicitly not doing coordinated disclosure yet. <del>No post / incident on CA/Browser Forum also.</del>

Edit: Incident on dev-security-policy@moz: https://groups.google.com/a/mozilla.org/g/dev-security-polic...

---

Translation by LLM of the post on Chinese forum V2EX:

LiteSSL appears to be a CA that only emerged last year. It provides free TrustAsia-backed wildcard certificates issued via ACME. However, in my testing, its ACME server very frequently errors out with:

> Too many concurrent connections from IP 10.254.14.70 (limit: 10),
> urn:ietf:params:acme:error:rateLimited:concurrent

This clearly indicates a backend misconfiguration: LiteSSL incorrectly treats the reverse proxy's internal IP as the client's real IP when applying rate limits.

More seriously, LiteSSL has a *critical authentication vulnerability*. Its DNS-01 challenge cache appears to have a very long validity period, and it does *not* verify that a certificate issuance request comes from the same ACME account that completed the original DNS-01 challenge. As a result, anyone can arbitrarily re-issue (steal-sign) certificates that were originally issued via DNS-01.

You can browse certificates issued by this CA here (ECC/RSA behave similarly). Pick any certificate with a wildcard domain, and you can re-issue it using your own LiteSSL ACME account without triggering validation: [https://crt.sh/?CN=%25&iCAID=438132](https://crt.sh/?CN=%25&iCAID=438132)

`ssyhwa.cloudns.cl` is a temporary domain I created for testing; it has already passed DNS-01 validation and can reproduce the issue. `*.vaadd.com` was a randomly selected victim domain, and I was also able to successfully steal its certificate.
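The server-side check the translated post says is missing, as an added illustration that is not the commenter's or LiteSSL's code: before finalizing an order, an ACME CA should require, for every identifier, a cached authorization that is both unexpired and owned by the requesting account. The store, the TTL and the account/domain names are constructed for the example; `bind_to_account=False` models the described flaw for comparison.

```python
from dataclasses import dataclass, field


@dataclass
class Authorization:
    """A completed DNS-01 authorization as a CA might cache it (constructed model)."""
    identifier: str        # base domain that was validated, e.g. "example.com"
    account: str           # ACME account that completed the challenge
    validated_at: float    # epoch seconds
    ttl: float = 7 * 86400  # assumed lifetime; RFC 8555 leaves the value to the CA

    def is_valid(self, now: float) -> bool:
        return self.validated_at <= now < self.validated_at + self.ttl


@dataclass
class AuthzStore:
    """Per-identifier cache of authorizations (constructed)."""
    _items: dict = field(default_factory=dict)

    def add(self, authz: Authorization) -> None:
        self._items.setdefault(authz.identifier, []).append(authz)

    def lookup(self, identifier: str) -> list:
        # DNS-01 for "*.example.com" is validated against the base name "example.com"
        base = identifier[2:] if identifier.startswith("*.") else identifier
        return self._items.get(base, [])


def can_finalize(store: AuthzStore, account: str, identifiers: list,
                 now: float, bind_to_account: bool = True):
    """Return (allowed, reason) for an order finalize request.

    bind_to_account=True is the correct behaviour: an authorization is usable
    only by the account that earned it. bind_to_account=False reproduces the
    flaw in the post, where any account may reuse someone else's cached result.
    """
    for ident in identifiers:
        usable = [
            a for a in store.lookup(ident)
            if a.is_valid(now) and (not bind_to_account or a.account == account)
        ]
        if not usable:
            return False, f"no valid authorization for {ident} owned by {account}"
    return True, "ok"
```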