GoDaddy revokes thousands of SSL certificates due to code bug
Six-month-old error led to almost 9,000 certificates being incorrectly issued
Thousands of SSL certificates have been revoked by domain registrar and hosting firm GoDaddy after it was discovered a bug had led to them being incorrectly issued.
The error, which meant certificates had been issued without the proper checks and authorisation, had been present in the company's code for around six months before being pointed out by a customer.
The issue has now been fixed, the company stated, but the bug allowed 8,850 faulty certificates to be issued prior to its detection. These certificates have now been revoked and the code has been changed to ensure they are not re-issued.
"While we are confident that we have completely resolved the problem, we are watching our system closely to ensure that no more certificates are issued without proper domain validation," said GoDaddy's senior internet product and technology leader, Wayne Thayer. "We will take immediate action and report any further issues if found."
"A full post-mortem review of this incident will occur and steps will be taken to prevent a recurrence, including the addition of automated tests designed to detect this type of scenario. If more information about the cause or impact of this incident becomes available, we will publish updates to this report," he added
The issue stemmed from an error in the validation process, Thayer wrote as part of a post announcing the problem. This error resulted in the verification system returning a positive result, even if it came back with a HTTP 404 status code, rather than the HTTP 200 code which designates a successful check.
"We are currently unaware of any malicious exploitation of this bug to procure a certificate for a domain that was not authorised," Thayer concluded.
Navigating the new normal: A fast guide to remote working
A smooth transition will support operations for years to comeDownload now
Leading the data race
The trends driving the future of data scienceDownload now
How to create 1:1 customer experiences at scale
Meet the technology capable of delivering the personalisation your customers craveDownload now
How to achieve daily SAP releases
Accelerate the pace of SAP change to support your digital strategyDownload now