Certificate vendor Trustico is facing a new crisis after a researcher tweeted about a severe vulnerability in the company’s website. The vulnerability would appear to give root access to – and allow the downloading of – digital certificates. Trustico has sought since early February to revoke about 50,000 certificates, or nearly every digital certificate the 12-year-old company has ever issued. Other researchers, running with Predragovi’s alert, reported that the website appeared to be running as “root,” and that any commands transferred to the site using the data-transfer tool curl could be executed with root-level privileges.
Source: https://www.cuinfosecurity.com/trustico-shuts-down-website-over-alert-serious-flaw-a-10692