GoDaddy revokes thousands of SSL certificates due to code bug

Six-month-old error led to almost 9,000 certificates being incorrectly issued

Bug bounty

Thousands of SSL certificates have been revoked by domain registrar and hosting firm GoDaddy after it was discovered a bug had led to them being incorrectly issued.

The error, which meant certificates had been issued without the proper checks and authorisation, had been present in the company's code for around six months before being pointed out by a customer.

The issue has now been fixed, the company stated, but the bug allowed 8,850 faulty certificates to be issued prior to its detection. These certificates have now been revoked and the code has been changed to ensure they are not re-issued.

"While we are confident that we have completely resolved the problem, we are watching our system closely to ensure that no more certificates are issued without proper domain validation," said GoDaddy's senior internet product and technology leader, Wayne Thayer. "We will take immediate action and report any further issues if found."

"A full post-mortem review of this incident will occur and steps will be taken to prevent a recurrence, including the addition of automated tests designed to detect this type of scenario. If more information about the cause or impact of this incident becomes available, we will publish updates to this report," he added

The issue stemmed from an error in the validation process, Thayer wrote as part of a post announcing the problem. This error resulted in the verification system returning a positive result, even if it came back with a HTTP 404 status code, rather than the HTTP 200 code which designates a successful check.

"We are currently unaware of any malicious exploitation of this bug to procure a certificate for a domain that was not authorised," Thayer concluded.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Microsoft Azure Digital Twins previews new features
Cloud

Microsoft Azure Digital Twins previews new features

30 Jun 2020
AWS launches Amazon Detective for investigating security incidents
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020

Most Popular

Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020