Today in absolutely wild things: a CA abusing an RCE...

Today in absolutely wild things: a CA abusing an RCE in ACME.sh to add their own validation methods to it! https://github.com/acmesh-official/acme.sh/issues/4659

Like 9 Jun 2023 at 8:14 | Open on glauca.space

6 comments

gay gay kitty gay :verified_rainbow:

@q i'm sure it sounded like a great idea in their head.

9 Jun 2023 at 8:25 | Open on catcatnya.com

the vessel of morganna

@q lmao it asks for a crypto payment. of course it does

9 Jun 2023 at 8:34 | Open on social.treehouse.systems

Flüpke

@q @julialuna they’re offering certificates for IPv4 and IPv6 addresses. While I would really love to have something this cursed, I think it’s a terrible idea, given how short-lived customers’ IP allocations typically are.

9 Jun 2023 at 9:15 | Open on chaos.social

Markus

@fluepke @q @julialuna Sure. But, is that really a problem? I mean: Same for domains. No CA can ensure that you will still the owner of the (sub)domain tomorrow 🙂

9 Jun 2023 at 10:18 | Open on mastodon.social

Trolli Schmittlauch 🦥

@q Also rather fitting: That HiCA is affiliated to the cryprocurrency industry, demanding their payments in USD-T.

That space is rich in weird design decisions anyways.

9 Jun 2023 at 10:52 | Open on toot.matereal.eu

Q ✨

@schmittlauch indeed it is!

9 Jun 2023 at 11:01 | Open on glauca.space

Go Up