Compromised certificate for localhost.cmdm.comodo.net / Comodo ITSM

Hi,

Comodo ITSM (IT Service Management Software) runs an HTTPS server on
localhost and port 21185. The domain localhost.cmdm.comodo.net pointed
to localhost.

It is obvious that with this setup the private key is part of the
application and thus compromised. With advanced next generation key
extraction software (strings and grep) I was able to extract the
private key from the software executable.

There exist two certificates that use the same key plus two
precertificates. Only one of the certificates is still valid, the other
is expired. List:
https://crt.sh/?spkisha256=3Daccbb60afe2d28949e21d76f298a2f20c0a24488ad0980=
ea31b4c0e04b952879

I reported this to Comodo earlier today and the certificate got revoked
very quickly. It was pointed out to me that Comodo ITSM was developed
by Comodo Security Solutions and that Comodo CA played no part in the
development of that software.

--=20
Hanno B=C3=B6ck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
0
Hanno
1/12/2018 3:33:00 PM
mozilla.dev.security.policy 1236 articles. 1 followers. Post Follow

1 Replies
5 Views

Similar Articles

[PageSpeed] 55

On Friday, January 12, 2018 at 8:33:42 AM UTC-7, Hanno B=C3=B6ck wrote:
> Hi,
>=20
> Comodo ITSM (IT Service Management Software) runs an HTTPS server on
> localhost and port 21185. The domain localhost.cmdm.comodo.net pointed
> to localhost.
>=20
> It is obvious that with this setup the private key is part of the
> application and thus compromised. With advanced next generation key
> extraction software (strings and grep) I was able to extract the
> private key from the software executable.
>=20
> There exist two certificates that use the same key plus two
> precertificates. Only one of the certificates is still valid, the other
> is expired. List:
> https://crt.sh/?spkisha256=3Daccbb60afe2d28949e21d76f298a2f20c0a24488ad09=
80ea31b4c0e04b952879
>=20
> I reported this to Comodo earlier today and the certificate got revoked
> very quickly. It was pointed out to me that Comodo ITSM was developed
> by Comodo Security Solutions and that Comodo CA played no part in the
> development of that software.
>=20
> --=20
> Hanno B=C3=B6ck
> https://hboeck.de/
>=20
> mail/jabber: hanno@hboeck.de
> GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Can you request a CVE for this? Thanks.
0
kurt
1/17/2018 3:58:43 PM
Reply: