acme.sh is executing arbitrary commands from a CA (twitter.com)

submitted 1 year ago* (last edited 1 year ago) by reddthat@reddthat.com to c/techsploits@reddthat.com

0 comments fedilink hide all child comments

A Chinese certificate authority ("HiCA", hi.cn/en/) is injecting arbitrary commands into the ACME challenge process, which acme.sh then executes on the client machine. Here's my current analysis: https://github.com/acmesh-official/acme.sh/issues/4659

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 09 Jun 2023

1 points (100.0% liked)

TechSploits

385 readers

4 users here now

All things relating to breaking tech, tech breaking, OSS, or hacking together software to perform something completely out of the ordinary, on purpose or by accident.

founded 1 year ago

MODERATORS

reddthat@reddthat.com