VeriSign Rejected Comodo Claims of Flaw in SSL Certification

Comodo, the well-known manufacturer of Firewall, has announced that they discovered a vulnerability in the VeriSign SSL certification and informed about the flaw to VeriSign.

The vulnerability exists in the web pages used for processing customer security certificates. The revelation made by Comodo has put some big names on Internet at great risk of many targeted attacks.

Melih Abdulhayoglu, CEO, Comodo, said that the web pages, which could be accessed publicly, disclosed sensitive information of VeriSign customers - the Commonwealth of Massachusetts and the Bank of America, as reported by The Register on June 24, 2010.

Abdulhayoglu further said that VeriSign exposed the e-mail addresses of security certificate managers as well as a big list of addresses that employed secure sockets layer protection. The exposition of critical information has put the big names at high risk of facing targeted phishing assaults.

The vulnerability includes an easy search for specific keyword that takes the user to a VeriSign account public access page.

The access to these accounts merely pass phrase away. Hackers from China and Russia can make way to pass the password. The users should remember that the strength of security depends on its weakest link, said Abdulhayoglu.

A VeriSign spokesperson stated that Comodo hadn't announced the vulnerability. In fact, it hadn't discovered any vulnerability, as reported by TG Daily on June 22, 2010.

VeriSign sent a reply to Comodo saying that the organization was thankful for bringing this to its notice, but the information accessed belonged to the public and could be found in multiple ways. The pages discovered by Comodo were mere the public portals of customers' authenticated work to be performed, as reported by Techie Buzz on June 23, 2010.

Due to their nature, these pages could be accessed publicly and therefore, the accessibility of these web pages does not create any serious security flaw, said VeriSign spokesperson.

Commenting on the dispute, the security experts said that the main reason for such a harsh response from VeriSign was the competition between Comodo and VeriSign in the field of digital certificate business. If VeriSign accepted the exploit, it would have raised question on its position as the unchallenged certification authority.

Related article: Viruses Pose Biggest Threat to Asian Companies

» SPAMfighter News - 7/5/2010