Content Warning

By clicking okay/accept/consent, you may be exposed to content that is not safe for work, or possibly not even safe for life.

This is your one and only warning.

Comfy Snugs
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
Red@reddthat.comM to TechSploits@reddthat.comEnglish ·
edit-2
1 year ago

acme.sh is executing arbitrary commands from a CA

twitter.com

external-link
message-square
0
fedilink
1
external-link

acme.sh is executing arbitrary commands from a CA

twitter.com

Red@reddthat.comM to TechSploits@reddthat.comEnglish ·
edit-2
1 year ago
message-square
0
fedilink

A Chinese certificate authority (“HiCA”, hi.cn/en/) is injecting arbitrary commands into the ACME challenge process, which acme.sh then executes on the client machine. Here’s my current analysis: https://github.com/acmesh-official/acme.sh/issues/4659

alert-triangle
You must log in or register to comment.

TechSploits@reddthat.com

techsploits@reddthat.com

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !techsploits@reddthat.com

All things relating to breaking tech, tech breaking, OSS, or hacking together software to perform something completely out of the ordinary, on purpose or by accident.

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 0 users / day
  • 1 user / week
  • 1 user / month
  • 1 user / 6 months
  • 0 local subscribers
  • 0 subscribers
  • 10 Posts
  • 0 Comments
  • Modlog
  • mods:
  • Red@reddthat.com
  • BE: 0.19.5
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org