Cyber security news for all


    Expired root certificate from Sectigo leads to errors in many cases

    The AddTrust External Root certificate expired last Saturday. This was planned, but due to an incorrect implementation, some clients continue to try to build a certificate chain for the expired root certificate, fail and then report an incorrect certificate.

    Actually, the expiry of the certificate should not be a problem. Sectigo owns and uses newer root certificates that are still valid. Modern clients trust these root certificates and automatically use certificate chains that use these newer root certificates. All common browsers behave this way and are therefore not affected by the problem.

    The problem arises from an intermediate certificate that servers send especially for older clients. Very old clients who did not trust the newer root certificates from Sectigo could use the intermediate certificate to create a certificate chain for the root certificate. The intermediate certificate, like the affected root certificate has now expired, which should only affect the very old clients described.However, more modern clients who trust the newer root certificates should find that they can construct a valid certificate chain even without this intermediate certificate – just by using the newer root certificates.

    Older Versions Of The OpenSSL Libraries Are Apparently Affected

    Programs that use these libraries try to build a chain over the expired intermediate certificate even if this is not really necessary because they trust the newer roots of Sectigo. But because the intermediate certificate has now expired, these clients fail and report a certificate error, which in the worst case does not even show which certificate has expired.

    Users affected by the problem can try to remove the AddTrust External Root from the certificates that their system trusts. At least some systems can handle an unknown certificate better than an expired one and then switch to certificate chains to the newer root certificates. With appropriate updates from the client, AddTrust External Root should also automatically disappear from systems sooner or later.

    Recent Articles

    macOS Trojans: Traces lead to Vietnam

    Security researchers have discovered a new macOS Trojans. Behind this could be a well known hacker group that has spied on Vietnamese dissidents in...

    Court forces Tutanota to perform a surveillance function

    Tutanota email only stores its user mails in encrypted form and cannot read them itself. Tutanota is one of the few email providers that...

    Manchester United have been blackmailed by cyber attackers

    The Premier League club Manchester UnitedĀ fell victim to a cyber attack according to the Daily Mail. The cyber criminals are apparently demanding ransom in...

    TikTok has fixed a serious security gap issue

    TikTok accounts paid a researcher a reward of 4000 dollars after he reported two vulnerabilities as part of a disclosure. A combination of both...

    Passwords should be changed for Fortinet VPNs

    Administrators should change the access for Fortinet VPNs in use. Log-in information for almost 50,000 VPN networks has appeared in various cyber blogs. A security...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox