اخبار

رفع مشکل باگ امنیتی Let’s encrypt

در تاریخ 2020-02-29 شرکت Let’s encrypt یک باگ امنیتی بر روی گواهی SSL این شرکت پیدا کرد .

متن اطلاعیه :

On 2020-02-29 UTC, Let’s Encrypt found a bug in our CAA code. Our CA software, Boulder, checks for CAA records at the same time it validates a subscriber’s control of a domain name. Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days. That means in some cases we need to check CAA records a second time, just before issuance. Specifically, we have to check CAA within 8 hours prior to issuance (per BRs §3.2.2.8), so any domain name that was validated more than 8 hours ago requires rechecking.

The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.

We confirmed the bug at 2020-02-29 03:08 UTC, and halted issuance at 03:10. We deployed a fix at 05:22 UTC and then re-enabled issuance.

Our preliminary investigation suggests the bug was introduced on 2019-07-25. We will conduct a more detailed investigation and provide a postmortem when it is complete.

برای رفع مشکل در کنترل پنل Cpanel از کامند زیر استفاده کنید :

git clone https://github.com/1817666/cPanel-LetsEncrypt-Rechecking-Bug-Fix.git cd cPanel-LetsEncrypt-Rechecking-Bug-Fix chmod +x cpanel-letsencrypt.sh ./cpanel-letsencrypt.sh

لینک مرجع دستور

برچسب ها

پویا شفاعی

از سال 1396 در زمینه خدمات هاستینگ فعالیت دارم , در سال 1398 فعالیت خود را در حوزه سئو آغاز کرده ام . امیدوارم مطالب و مقالات من برای شما مفید واقع گردد .

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

دکمه بازگشت به بالا
بستن
بستن