"Researcher Says API Flaw Exposed Symantec Certificates, Including Private Keys"
A security researcher, Chris Byrne, has exposed vulnerabilities in the API utilized by Symantec that would expose Symantec certificates and private keys. Although this discovery was discovered in 2015, disclosure was dissuaded by Symantec due to the time it would take to fix the issues. Although Symantec has ensured that any certificates handled through the vulnerabilities would be found and replaced, it will take a prolonged time to do so. This article discusses how these API flaws could be exploited by attackers and Symantec’s response to Chris Byrne research claim.
Submitted by Anonymous
on