Press Contact Email :

media-relations@comodo.com

Tel: + 1.888.266.6361
Tel: + 1.206.203.6361

Comodo discovers security vulnerability in competitors' SSL Certificates

Unique serial numbers duplicated across multiple certificates

Bradford, UK, 23rd June 2003. Comodo, the internet security specialists, has today announced the results of a 9-month investigation into the security of SSL Certificates issued by some certification authorities. The investigation found that some certificates have a vulnerability which could cause security issues and which also breaks the X.509 and RFC specifications.

The investigation, carried out by Comodo Research Labs security experts, identified that some of the SSL Certificates issued by Thawte have the same serial number duplicated across multiple certificates for unrelated domains. The X.509 specification (03/2000) states that “The value of serialNumber shall be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate)”, whilst RFC 3280 section 4.1.2.2 states “The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate).”

Robin Alden, Head of Server Solutions, Comodo Research Labs said, “Every Comodo certificate adheres to processes which would not allow this vulnerability to happen and we were surprised to come across instances of this from other CAs during our investigation.”

Commenting on these findings, Melih Abdulhayoglu, Chief Security Architect, Comodo Group, said, “At Comodo we are always striving to best serve both our customers and the online community as a whole. We will be happy to pass our findings on to Thawte so that they can take the necessary remedial action to their certificate generation procedures.”

Comodo offers the InstantSSL range of certificates, which uniquely balances low costs, full two-step validation, 128-bit encryption and 99.3% browser compatibility with fast issuance, expert customer support and a number of partner-to-Comodo interface methods to establish a clear position in the security market. Over 1000 industry-leading companies have partnered with Comodo since the launch of InstantSSL in March 2002.

About Comodo:
Comodo (www.comodo.com) is a leading Internet security specialist and provides next generation E-commerce Security Solutions. Through a growing range of products, services and applications developed by its dedicated research lab, Comodo provides software, hardware, secure messaging and certificate based security.

After its first year of issuing SSL Certificates, Comodo has quickly become the 2nd largest Certification Authority in the world. For product information please contact + 1.888.266.6361 or + 1.206.203.6361 or visit the Comodo Home Page at www.comodo.com.
