Comodo (Brazil) website hacked


Well, it's all over the Internet by now (100,000+ hits in Google) but yet another Comodo subsidiary has been hacked and, once again, Comodo has egg all over its face. :blush:

That's the fourth known instance of a Comodo subsidiary or reseller being hacked this year. You might remember that the hack of the Italian subsidiary/reseller a couple of months ago caused Microsoft, Mozilla and Apple to issue emergency updates revoking the fraudulent SSL certificates that the hacker issued himself, for Google, Mozilla, Skype and Windows Live (actual domains were: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com).

This time it's the website of Comodo Brazil and the login details of its employees have been posted on the internet, together with customer details and information on their certificates.

Softpedia (see this link) reports as follows:

Hackers managed to compromise the website of Comodo Brazil and extracted sensitive information about the company's SSL certificate customers.

It seems the attack vector used in this case was SQL injection. A partial database dump was posted on pastebin.com Saturday together with information about the vulnerability.

The compromised data includes certificate authority name, email, fax, phone number, order number, certificate request, private key file name and other details.

Customer details like organization names, addresses, telephones, domain names, type of web servers, serial numbers and more, are also included.

There is also a list of what appears to be employee accounts, with @comdobr.com email addresses and hashed passwords. The password for an account called validacao@comodobr.com (validation@) is listed in plain text.

The password was most likely posted like this intentionally by attackers, because all hashes appear to be unsalted MD5 and are trivial to crack.

No kidding, the effort needed to "crack" those password hashes is indeed minimal. In some cases you can just look them up, no "cracking" effort needed at all! :blink:

Comodo President and CEO Melih Abdulhayoglu is trying to brush off the matter, because no certificates were issued as a result of the breach, but the data posted on the internet is still sensitive whatever he says.


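Added example, not part of the original post or of the Softpedia report: a defender-side audit showing why unsalted MD5 is the weak point described above (equal passwords give equal digests, so one precomputed table covers every account) and what a salted scrypt record changes. User names, passwords and the record format are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

BARE_MD5 = re.compile(r"^[0-9a-f]{32}$")  # shape of an unsalted MD5 hex digest

def md5_unsalted(password):
    """Weak scheme from the report: bare MD5, no salt, no work factor."""
    return hashlib.md5(password.encode()).hexdigest()

def audit(rows):
    """Return (users stored as bare MD5, groups of users sharing one digest)."""
    by_hash = defaultdict(list)
    for user, stored in rows:
        by_hash[stored].append(user)
    weak = sorted(u for u, h in rows if BARE_MD5.match(h))
    shared = sorted(sorted(us) for us in by_hash.values() if len(us) > 1)
    return weak, shared

def hash_scrypt(password, salt=None):
    """Per-account random salt plus a memory-hard KDF; parameters are stored."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return "scrypt$16384$8$1$%s$%s" % (salt.hex(), dk.hex())

def verify(password, stored):
    """Check a password against either record format, comparing in constant time."""
    if BARE_MD5.match(stored):
        return hmac.compare_digest(md5_unsalted(password), stored)
    _, n, r, p, salt, dk = stored.split("$")
    cand = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt),
                          n=int(n), r=int(r), p=int(p), dklen=len(dk) // 2)
    return hmac.compare_digest(cand.hex(), dk)

def upgrade_on_login(password, stored):
    """After a successful login, replace a legacy MD5 record with scrypt."""
    if verify(password, stored) and BARE_MD5.match(stored):
        return hash_scrypt(password)
    return stored

# Constructed sample table: alice and bob happen to choose the same password.
PASSWORDS = {"alice": "Sample-Pass-1", "bob": "Sample-Pass-1", "carol": "Other-Pass-2"}
LEGACY = [(u, md5_unsalted(p)) for u, p in PASSWORDS.items()]
MIGRATED = [(u, upgrade_on_login(PASSWORDS[u], h)) for u, h in LEGACY]

if __name__ == "__main__":
    print("legacy  :", audit(LEGACY))    # all three weak, alice/bob share a digest
    print("migrated:", audit(MIGRATED))  # nothing weak, nothing shared
```

In the legacy table the audit flags every account and shows alice and bob sharing a digest; after migration the same two passwords produce unrelated records.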
