Wednesday, May 7, 2025
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick

A critical vulnerability in SSL.com’s domain validation process allowed unauthorized parties to fraudulently obtain TLS certificates for high-profile domains, including Alibaba Cloud’s aliyun.com, researchers revealed this week.

The certificate authority (CA) has since revoked 11 improperly issued certificates, raising concerns about trust in automated validation systems.

How Domain Validation Was Exploited

According to a Mozilla incident report, SSL.com’s Domain Control Validation (DCV) system, designed to verify control of a domain before a certificate is issued, contained a loophole in its “Email to DNS TXT Contact” method (BR 3.2.2.4.14). Attackers could trick the system by:

  1. Creating a DNS TXT record for a subdomain (e.g., _validation-contactemail.[random].test.dcv-inspector.com) with an email address from a target domain (e.g., user@aliyun.com).
  2. Requesting a certificate for the subdomain, triggering a validation email to the provided address.
  3. Completing validation, which erroneously marked aliyun.com (the email’s domain) as verified.

This allowed attackers to request certificates for the target domain itself, bypassing proper authorization.
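To make the logic error concrete, the following is an added illustration written for this article, not SSL.com's code. It models the validation step in two forms: the flawed behaviour the report describes (the domain of the contact e-mail address is recorded as validated) beside the hardened form (only the name whose DNS zone carried the TXT record is validated). DNS is replaced by a constructed dictionary so the block runs offline, and the label "abc123" stands in for the random label in the report.

```python
"""Model of the "Email to DNS TXT Contact" validation flaw: flawed vs. hardened."""

# Constructed stand-in for DNS: TXT record name -> list of TXT values.
# The attacker-controlled name carries a contact address at the target domain.
FAKE_DNS_TXT = {
    "_validation-contactemail.abc123.test.dcv-inspector.com": ["user@aliyun.com"],
}


def lookup_txt(name):
    """Return the TXT values published at `name` (empty list if none)."""
    return FAKE_DNS_TXT.get(name.lower(), [])


def contact_email_for(fqdn):
    """Contact address published in _validation-contactemail.<fqdn>, or None."""
    values = lookup_txt(f"_validation-contactemail.{fqdn}")
    return values[0] if values else None


def flawed_validated_domains(requested_fqdn, email_confirmed):
    """Buggy logic as the report describes it: once the random value sent to
    the contact address is confirmed, the mail domain of that address is
    recorded as validated alongside the requested name. Control of the mail
    domain was never demonstrated, so this is the defect."""
    email = contact_email_for(requested_fqdn)
    if email is None or not email_confirmed:
        return set()
    _mailbox, _, mail_domain = email.partition("@")
    return {requested_fqdn, mail_domain}  # BUG: mail_domain was never proven


def correct_validated_domains(requested_fqdn, email_confirmed):
    """Hardened logic: the only name proven is the one whose DNS zone carried
    the TXT record. The contact address only says where the random value is
    sent; its domain confers no authority over anything."""
    email = contact_email_for(requested_fqdn)
    if email is None or not email_confirmed:
        return set()
    return {requested_fqdn}


def issuance_allowed(validated, certificate_name):
    """A certificate name is issuable only if it is a validated name or sits
    directly under one (simplified view of the BR authorization-domain rules)."""
    return any(certificate_name == v or certificate_name.endswith("." + v)
               for v in validated)


if __name__ == "__main__":
    attacker_name = "abc123.test.dcv-inspector.com"
    for label, fn in (("flawed", flawed_validated_domains),
                      ("correct", correct_validated_domains)):
        validated = fn(attacker_name, email_confirmed=True)
        print(f"{label}: validated={sorted(validated)} "
              f"aliyun.com issuable={issuance_allowed(validated, 'aliyun.com')}")
```

The difference is a single line: the flawed branch treats the mail domain as an output of validation, whereas validation only ever proved control over the zone in which the TXT record was placed. A CA review of any DCV method should ask exactly this question for every name that ends up in the "validated" set.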

SSL.com revoked certificates for multiple domains, including:

  • aliyun.com (Alibaba Cloud’s webmail and cloud service)
  • *.medinet.ca (Canadian healthcare software provider)
  • help.gurusoft.com.sg (Singaporean supply-chain tech support)
  • banners.betvictor.com (BetVictor gambling ads)

These certificates could have enabled phishing sites, HTTPS traffic interception, or impersonation of legitimate services.

While no malicious use has been confirmed, the potential for abuse was significant.

In a preliminary report, SSL.com’s Rebecca Kelley acknowledged the flaw, attributing it to an “incorrect implementation” of validation logic.

The flawed DCV method has been temporarily disabled, and the affected certificates were revoked within 24 hours of discovery.

Key actions:

  • Revoked certificates: 11 total, issued between June 2024 and March 2025.
  • Disclosure: Full incident report expected by May 2, 2025.
  • Mitigation: Enhanced validation checks and manual audits.

Critics argue the incident underscores systemic risks in automated CA processes. “A single validation bug can compromise trust across the web,” said cybersecurity analyst Mika Chen.

  1. Third-party email providers: CAs must avoid conflating email domain ownership with target domain control.
  2. Transparency: SSL.com has not disclosed whether attackers exploited the flaw beyond the researcher’s demo.
  3. Vigilance: Organizations should monitor Certificate Transparency logs for unauthorized issuances.
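The third point is the one a domain owner can act on directly. The following added example (written for this article, not a tool from SSL.com or the researchers) shows the core of a Certificate Transparency check: it takes log entries in the shape of crt.sh's JSON output (the `issuer_name`, `common_name` and `name_value` fields), keeps only certificates that actually cover the monitored domain, and flags any issued by a CA that is not on the organization's allowlist. The entries and CA names are constructed; a real run would fetch the JSON from a CT search service.

```python
"""Flag CT log entries for a domain that were issued by an unexpected CA."""
import json

# Constructed sample entries in the shape of crt.sh's JSON output.
# Issuer names are made up for the example.
SAMPLE_CT_JSON = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Expected CA Inc, CN=Expected CA R1",
     "common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com",
     "not_before": "2025-03-01T00:00:00"},
    {"id": 2, "issuer_name": "C=US, O=Other CA Ltd, CN=Other CA DV",
     "common_name": "example.com", "name_value": "example.com",
     "not_before": "2025-03-20T00:00:00"},
    {"id": 3, "issuer_name": "C=US, O=Expected CA Inc, CN=Expected CA R1",
     "common_name": "*.example.com", "name_value": "*.example.com",
     "not_before": "2025-04-01T00:00:00"},
    # Substring match only: a search for %.example.com can return this too.
    {"id": 4, "issuer_name": "C=US, O=Other CA Ltd, CN=Other CA DV",
     "common_name": "notexample.com", "name_value": "notexample.com",
     "not_before": "2025-04-02T00:00:00"},
])


def covers(san, domain):
    """True if a SAN (possibly a wildcard) names `domain` or a name under it."""
    san = san.strip().lower()
    if san.startswith("*."):
        san = san[2:]
    domain = domain.lower()
    return san == domain or san.endswith("." + domain)


def find_unexpected_issuances(ct_json, monitored_domain, expected_issuers):
    """Return (id, issuer, SANs) for every entry that covers the monitored
    domain but whose issuer does not contain any allowlisted issuer string."""
    alerts = []
    for entry in json.loads(ct_json):
        # crt.sh separates multiple SANs with newlines.
        sans = [n for n in entry["name_value"].splitlines() if n.strip()]
        if not any(covers(n, monitored_domain) for n in sans):
            continue  # a name that merely contains the string, e.g. notexample.com
        if not any(exp in entry["issuer_name"] for exp in expected_issuers):
            alerts.append((entry["id"], entry["issuer_name"], sans))
    return alerts


if __name__ == "__main__":
    for cert_id, issuer, sans in find_unexpected_issuances(
            SAMPLE_CT_JSON, "example.com", ["O=Expected CA Inc"]):
        print(f"ALERT: cert {cert_id} for {sans} issued by {issuer}")
```

Matching the issuer by a substring of its distinguished name keeps the allowlist short (one entry per CA organization rather than per intermediate), and the `covers` check prevents false alarms from unrelated domains that a substring search would also return. Run this on a schedule against each production domain, and treat any hit outside the allowlist as something to investigate with the issuing CA, which is precisely how the aliyun.com issuance could have been caught before revocation.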

SSL.com’s swift revocation limits immediate harm, but the incident highlights the fragile balance between automation and security in certificate issuance. 

Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.