Comodo discovers security vulnerability in competitors' SSL Certificates
Unique serial numbers duplicated across multiple certificates
Bradford UK, 23rd June 2003. Comodo, the internet security specialists, has today
announced the results of a 9-month investigation into the security of SSL Certificates
issued by some certification authorities. The investigation has found that some certificates
have a vulnerability which could cause security issues as well as breaking X.509 and RFC
specifications.
The investigation, carried out by Comodo Research Labs security experts, has identified
that some of the SSL Certificates issued by Thawte have the same serial number duplicated
across multiple certificates for unrelated domains. X.509 specifications state (03/2000)
that "The value of serialNumber shall be unique for each certificate issued by a given CA (i.e.,
the issuer name and serial number identify a unique certificate)." whilst RFC 3280 section
4.1.2.2 states "The serial number MUST be a positive integer assigned by the CA to each certificate.
It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number
identify a unique certificate)."
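A check for the uniqueness rule quoted above, as an added example that is not part of the original release or Comodo's own tooling: it groups a certificate inventory by issuer name and serial number and reports any pair that covers more than one distinct certificate, plus serials that are not positive. The inventory rows, fingerprints and function names are constructed for illustration, and the issuer-name comparison is simplified.

```python
from collections import defaultdict

# Constructed inventory (not real certificates): issuer DN, serial as a tool
# might print it, certificate fingerprint placeholder, subject name.
INVENTORY = [
    ("CN=Example CA A,O=Example", "0A:1B:2C", "fp-aaa1", "www.shop.example"),
    ("CN=Example CA A, O=Example", "0a1b2c", "fp-bbb2", "mail.bank.example"),
    ("CN=Example CA A,O=Example", "0A1B2D", "fp-ccc3", "www.blog.example"),
    ("CN=Example CA B,O=Example", "0A1B2C", "fp-ddd4", "www.other.example"),
    ("CN=Example CA A,O=Example", "0A1B2D", "fp-ccc3", "www.blog.example"),
    ("CN=Example CA B,O=Example", "00", "fp-eee5", "zero.example"),
]

def normalize_serial(text):
    """Parse a hex serial ('0A:1B', '0x0a1b', '0a1b') into an integer."""
    cleaned = text.strip().lower().replace(":", "").replace(" ", "")
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    return int(cleaned, 16)

def normalize_issuer(dn):
    """Simplified assumption: compare issuer DNs ignoring case and comma spacing."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit_serials(inventory):
    """Return (duplicates, non_positive).

    duplicates: {(issuer, serial): sorted subjects} where one issuer/serial
    pair identifies more than one distinct certificate.
    non_positive: list of (issuer, serial, subject) whose serial is <= 0.
    """
    seen = defaultdict(dict)  # (issuer, serial) -> {fingerprint: subject}
    non_positive = []
    for issuer, serial_text, fingerprint, subject in inventory:
        key = (normalize_issuer(issuer), normalize_serial(serial_text))
        if key[1] <= 0:
            non_positive.append((key[0], key[1], subject))
        seen[key][fingerprint] = subject  # the same cert seen twice collapses
    duplicates = {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}
    return duplicates, non_positive

if __name__ == "__main__":
    dups, bad = audit_serials(INVENTORY)
    for (issuer, serial), subjects in dups.items():
        print(f"DUPLICATE issuer={issuer} serial={serial:X}: {subjects}")
    for issuer, serial, subject in bad:
        print(f"NON-POSITIVE serial {serial} from {issuer}: {subject}")
```

The same serial under a different issuer is not reported, because the rule applies per CA, and a certificate that appears twice in the inventory counts once.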
Robin Alden, Head of Server Solutions, Comodo Research Labs said, "Every Comodo certificate adheres
to processes which would not allow this vulnerability to happen and we were surprised to come across
instances of this from other CAs during our investigation."
Commenting on these findings, Melih Abdulhayoglu, Chief Security Architect, Comodo
Group said "At Comodo we are always striving to best serve both our customers and
the online community as a whole. We will be happy to pass our findings onto Thawte so
that they can take the necessary remedial action to their certificate generation procedures."
Comodo offers the Instant SSL range of certificates which uniquely balances low costs,
full two-step validation, 128 bit encryption and 99.3% browser compatibility with fast issuance,
expert customer support and a number of partner-to-Comodo interface methods to establish a
clear position in the security market. Over 1000 industry-leading companies have partnered
with Comodo since the launch of Instant SSL in March 2002.
About Comodo: Comodo (www.comodo.com) is a leading Internet security specialist and provides next generation E-commerce Security Solutions. Through a growing range of products, services and applications developed by its dedicated research lab, Comodo provides software, hardware, secure messaging and certificate based security.
After its first year of issuing SSL Certificates, Comodo has quickly become the 2nd largest Certification Authority in the world. For product information please contact +1.888.266.6361 or +1.703.581.6361 or visit the Comodo Home Page at www.comodo.com.



