Schneier - Let's Encrypt Vulnerability

The BBC is reporting a vulnerability in the Let's Encrypt certificate service:

In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code.

"Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologise for the issue."

I am seeing nothing on the Let's Encrypt website. And no other details anywhere. I'll post more when I know more.



from Schneier on Security https://www.schneier.com/blog/archives/2020/03/lets_encrypt_vu.html

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"