Comodo recently requested that an independent third party notify VeriSign of a security vulnerability affecting its customers' Web sites, including that of a major financial institution. While Comodo was not in a position to fully evaluate the scope of the vulnerability, Comodo believed it to be a significant security concern for VeriSign's customers (and users of their customers' Web sites) that rely on secure SSL Digital Certificates to transmit business and personal data.
Comodo urged VeriSign to take immediate steps to correct and remediate the vulnerability and notify all their customers who may be affected by this vulnerability. Comodo followed the Vulnerability Disclosure Guidelines of the Common Computing Security Standards Forum (CCSS) by using an independent third party as a medium for disclosure. It provided a disclosure document to VeriSign outlining the vulnerability.
Comodo acknowledged that VeriSign has made some recent fixes to its security issues that were identified by Comodo.
"We are pleased to see that some of the security flaws have now been addressed by VeriSign, along with an acknowledgement letter we received today from VeriSign recognizing the problem," said Comodo CEO Melih Abdulhayoglu. "However, in our initial request we asked that VeriSign take immediate steps to correct and remediate the vulnerability and notify all their customers who may be affected by this security vulnerability and I truly hope that those steps have been taken."
Administrator details such as emails are no longer visible on the public site, effective yesterday.
However, there are still issues that need to be addressed, such as publicly accessible lists of fully qualified domain names.