(Ping! Zine) – Comodo announced today that it asked an independent third party to notify VeriSign of a security vulnerability affecting VeriSign customers’ Web sites, including that of a major financial institution. VeriSign was notified by the independent third party last Tuesday.
While Comodo is not in a position to fully evaluate the scope of the vulnerability, Comodo believes it is a significant security concern for VeriSign’s customers (and users of their customers’ Web sites) that rely on secure SSL Digital Certificates to transmit business and personal data.
Using publicly available information, Comodo found that a VeriSign customer account of a major financial institution can be easily accessed without authentication. Comodo believes that the vulnerability is not limited to this single account.
Communicating through the independent third party, Comodo urged VeriSign to take immediate steps to correct and remediate the vulnerability and notify all their customers who may be affected by this vulnerability.
“When we uncovered this serious security vulnerability, we knew we had to do the right thing to notify VeriSign immediately to correct the design problem,” explained Melih Abdulhayoglu, chief executive officer and founder of Comodo. “With millions of customers’ financial transactions at stake, we wasted no time to help correct the problem even though it wasn’t ours to begin with.”
Comodo followed the Vulnerability Disclosure Guidelines of the Common Computing Security Standards Forum (CCSS) by using an independent third party as a medium for disclosure. It provided a disclosure document to VeriSign outlining the vulnerability.