ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers
https://hackerone.com/reports/304378
🕴🏽 @Phantasm_Lab
Frans Rosén (fransrosen): The ACME TLS-SNI-01 (and TLS-SNI-02) specification assumed wrong in terms of how current major cloud providers routed and validated domains. This was reported earlier this week to Let's Encrypt, and they decided to disable the method. Today Let's Encrypt decided to sunset both TLS-SNI-01 and TLS-SNI-02 due to the vulnerability I found. https://hackerone.com/reports/304378
HackerOne
Internet Bug Bounty disclosed on HackerOne: ACME TLS-SNI-01/02...
The [ACME TLS-SNI-01](https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3) (and [TLS-SNI-02](https://tools.ietf.org/html/draft-ietf-acme-acme-09#section-8.4)) specification assumed...
Forwarded from @Phantasm_Lab
The Hacker Wars takes you to the front lines of the high-stakes battle over the fate of the Internet, freedom and privacy.
🕴🏼 @Phantasm_Lab
Forwarded from @Phantasm_Lab
The Hacker Wars takes you to the front lines of the high-stakes battle over the fate of the Internet, freedom and privacy.
🕴🏼 @Phantasm_Lab
Forwarded from @Phantasm_Lab
THE HACKER WARS - Legendado.tar.gz
774.5 MB