SSL.com Domain Validation Flaw: Incorrectly Verifying Email Domains

2025-04-19

A security vulnerability has been discovered in SSL.com's domain validation system. By exploiting the BR 3.2.2.4.14 DCV method (Email to DNS TXT Contact), an attacker can get the system to treat the domain of their own email address as verified, and thus obtain unauthorized certificates. For example, using `[email protected]` as the verification email, SSL.com incorrectly added `aliyun.com` to the list of verified domains, allowing the attacker to obtain certificates for `aliyun.com` and `www.aliyun.com`. This indicates that the system failed to distinguish the domain of the contact email address from the domain actually being validated, posing a significant security risk.
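To make the logic error concrete, the following Python sketch (an added example written for this page, not SSL.com's code) simulates the Email to DNS TXT Contact method and contrasts the mistaken bookkeeping with the correct one. It assumes the TXT record name `_validation-contactemail.<domain>` from BR 3.2.2.4.14, uses a constructed in-memory DNS table instead of real lookups, and simulates the email round trip; the `audit_validation` helper is a hypothetical post-hoc check a CA could run over its validation records to flag domains that were marked validated without a corresponding TXT lookup.

```python
import secrets
from typing import Dict, List, Set

# Constructed DNS TXT data for the example (not real records). The record
# name follows BR 3.2.2.4.14; the values are made up for illustration.
SAMPLE_TXT: Dict[str, List[str]] = {
    "_validation-contactemail.example.org": ["contact@aliyun.com"],
}


def mailbox_domain(email: str) -> str:
    """Domain part of an email address, lowercased."""
    return email.rsplit("@", 1)[1].lower()


def lookup_contact_email(domain: str, txt: Dict[str, List[str]]) -> str:
    """Read the DNS TXT contact published for the domain under validation.

    Exactly one contact email must be present, otherwise the method
    cannot be used for this domain.
    """
    values = txt.get(f"_validation-contactemail.{domain}", [])
    if len(values) != 1 or "@" not in values[0]:
        raise ValueError(f"no single contact email published for {domain}")
    return values[0].strip()


def challenge_round_trip(email: str) -> bool:
    """Simulate sending a random value to the contact address and receiving
    it back. A real CA would deliver mail and compare the echoed value;
    here the round trip is assumed to succeed."""
    random_value = secrets.token_urlsafe(16)
    echoed = random_value  # simulated reply from the mailbox owner
    return secrets.compare_digest(random_value, echoed)


def flawed_validate(domain: str, txt: Dict[str, List[str]]) -> Set[str]:
    """Reproduces the bookkeeping error described above: the domain of the
    contact mailbox is recorded as validated alongside the requested domain,
    even though only the requested domain's TXT record was consulted."""
    email = lookup_contact_email(domain, txt)
    if not challenge_round_trip(email):
        return set()
    return {domain, mailbox_domain(email)}


def correct_validate(domain: str, txt: Dict[str, List[str]]) -> Set[str]:
    """Correct bookkeeping: the only domain this method proves control over
    is the one whose _validation-contactemail TXT record was queried. The
    mailbox domain is merely the delivery channel for the challenge."""
    email = lookup_contact_email(domain, txt)
    if not challenge_round_trip(email):
        return set()
    validated = {domain}
    # Defensive invariant: nothing outside the queried domain may be added.
    assert validated <= {domain}, "validated set leaked beyond the queried domain"
    return validated


def audit_validation(requested_domain: str, validated: Set[str]) -> Set[str]:
    """Hypothetical post-hoc check over a CA's validation records: return the
    domains that were marked validated although no TXT lookup was performed
    for them. An empty result means the record is consistent."""
    return {d for d in validated if d.lower() != requested_domain.lower()}


if __name__ == "__main__":
    bad = flawed_validate("example.org", SAMPLE_TXT)
    good = correct_validate("example.org", SAMPLE_TXT)
    print("flawed :", sorted(bad), "-> suspicious:", sorted(audit_validation("example.org", bad)))
    print("correct:", sorted(good), "-> suspicious:", sorted(audit_validation("example.org", good)))
```

Running the script shows the flawed path marking `aliyun.com` as validated for a request that only ever consulted `example.org`'s TXT record, and the audit helper flagging exactly that domain; the correct path yields only `example.org`.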