Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
Briefly

A critical bug in SSL.com's domain validation system allowed unauthorized issuance of SSL certificates. Attackers exploited the flaw to get certificates for legitimate domains, enabling them to create phishing sites and intercept HTTPS traffic. The vulnerability stemmed from an incorrect verification procedure involving DNS TXT records: SSL.com erroneously marked the domain of the contact email address as verified, allowing unauthorized users to obtain certificates. After discovering the issue, SSL.com revoked 11 certificates, including one for a major company, Alibaba, and has since taken measures to address the bug.
As part of the process of verifying that you control a domain name, SSL.com gives you the option of creating a DNS TXT record _validation-contactemail.
Unfortunately, due to a buggy implementation, SSL.com would also now consider you the owner of the domain used for the contact email.
Read at The Register
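The validation mix-up described above, as an added example that is not SSL.com's code or part of the original article: a toy model of the flawed check beside a corrected one, plus an audit over an issuance log. All function names, domains, addresses and serials are constructed assumptions.

```python
# Added illustration: toy model of the validation flow, not SSL.com's code.
# All domains, addresses and serials below are constructed placeholders.
TXT_RECORDS = {
    "_validation-contactemail.applicant.example": ["admin@mailprovider.example"],
}

def contact_emails(domain, txt=TXT_RECORDS):
    """Contact addresses published in the TXT record under `domain`."""
    return txt.get(f"_validation-contactemail.{domain.lower()}", [])

def validated_buggy(requested, confirmed_email, txt=TXT_RECORDS):
    """Models the flaw: the contact email's own domain is marked verified too."""
    if confirmed_email not in contact_emails(requested, txt):
        return set()
    email_domain = confirmed_email.rsplit("@", 1)[1].lower()
    return {requested.lower(), email_domain}

def validated_fixed(requested, confirmed_email, txt=TXT_RECORDS):
    """Only the domain whose TXT record named the address is verified."""
    if confirmed_email not in contact_emails(requested, txt):
        return set()
    return {requested.lower()}

def may_issue(cert_names, validated):
    """Issuance gate: every name on the certificate must be validated."""
    return all(name.lower() in validated for name in cert_names)

def audit(issued, txt=TXT_RECORDS):
    """Flag (serial, name) pairs where no TXT record under `name` lists the
    address that answered the email challenge."""
    return [(rec["serial"], name)
            for rec in issued
            for name in rec["names"]
            if rec["confirmed_email"] not in contact_emails(name, txt)]

# Constructed issuance log for the audit.
ISSUED = [
    {"serial": "CONSTRUCTED-01", "names": ["applicant.example"],
     "confirmed_email": "admin@mailprovider.example"},
    {"serial": "CONSTRUCTED-02", "names": ["mailprovider.example"],
     "confirmed_email": "admin@mailprovider.example"},
]

if __name__ == "__main__":
    email = "admin@mailprovider.example"
    for check in (validated_buggy, validated_fixed):
        ok = may_issue(["mailprovider.example"], check("applicant.example", email))
        print(f"{check.__name__}: issue for mailprovider.example -> {ok}")
    print("audit flags:", audit(ISSUED))
```

The audit assumes the TXT data passed in reflects what was published at validation time.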