Universal SSL
TLS certificate misissuance affecting Cloudflare Universal SSL zones lets an attacker who controls an ACME account at a CA in the auto-managed CAA RRset obtain a browser-trusted certificate for a victim domain, because Cloudflare's authoritative DNS serves a permissive auto-managed CAA RRset that supersedes customer-set records and drops RFC 8657 accounturi/validationmethods bindings. The result is a bypass of account-binding and validation-method-binding protections end-to-end, enabling MITM against the affected domain. Reported by Cloudflare (researcher David Osipov) with no public exploit identified at time of analysis; CVSS 4.0 base score is 7.6 with high attack complexity and a present attack requirement.
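A defender-side check for the condition described above, as an added example that is not code from the advisory or from Cloudflare: it compares the CAA policy a zone owner intended with the RRset actually served, and flags issuers that were added and RFC 8657 `accounturi`/`validationmethods` bindings that are missing or changed. The function names, the `ca.example` hosts and all record values are constructed assumptions; in practice the served records would come from a query against the zone's authoritative name servers.

```python
import re

# CAA presentation format (RFC 8659): <flags> <tag> "<value>"
CAA_RE = re.compile(r'^\s*(\d+)\s+(\w+)\s+"([^"]*)"\s*$')
BINDINGS = ("accounturi", "validationmethods")  # RFC 8657 parameters
ISSUE_TAGS = ("issue", "issuewild")

def parse_caa(rdata):
    """Parse one CAA record into (tag, issuer_domain, params)."""
    m = CAA_RE.match(rdata)
    if not m:
        raise ValueError(f"not a CAA record: {rdata!r}")
    _flags, tag, value = m.groups()
    parts = [p.strip() for p in value.split(";")]
    params = {}
    for p in parts[1:]:
        if p:
            key, _, val = p.partition("=")
            params[key.strip().lower()] = val.strip()
    return tag.lower(), parts[0].lower(), params

def audit_caa(intended, served):
    """Return findings where the served RRset is more permissive than intended."""
    want = {}
    for rdata in intended:
        tag, issuer, params = parse_caa(rdata)
        if tag in ISSUE_TAGS:
            want[(tag, issuer)] = params
    findings = []
    for rdata in served:
        tag, issuer, params = parse_caa(rdata)
        if tag not in ISSUE_TAGS:
            continue
        if (tag, issuer) not in want:
            # A CA (or wildcard grant) the owner never authorised.
            findings.append(("extra-issuer", tag, issuer))
            continue
        for name in BINDINGS:
            expected = want[(tag, issuer)].get(name)
            if expected is not None and params.get(name) != expected:
                # Any served record without the binding lets the CA issue unbound.
                findings.append((f"binding-mismatch:{name}", tag, issuer))
    return findings

# Constructed sample data (hypothetical CA and account URI).
INTENDED = ['0 issue "ca.example; accounturi=https://ca.example/acct/123; validationmethods=dns-01"']
SERVED = ['0 issue "ca.example"', '0 issue "other-ca.example"', '0 issuewild "ca.example"']

if __name__ == "__main__":
    for finding in audit_caa(INTENDED, SERVED):
        print(finding)
```
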