Schneier - Let's Encrypt Vulnerability
The BBC is reporting a vulnerability in the Let's Encrypt certificate service:
In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code.
"Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologise for the issue."
I am seeing nothing on the Let's Encrypt website. And no other details anywhere. I'll post more when I know more.
from Schneier on Security https://www.schneier.com/blog/archives/2020/03/lets_encrypt_vu.html
Comments
Post a Comment