this post was submitted on 09 Jun 2023
1 points (100.0% liked)

TechSploits

480 readers
1 users here now

All things relating to breaking tech, tech breaking, OSS, or hacking together software to perform something completely out of the ordinary, on purpose or by accident.

founded 2 years ago
MODERATORS
reddthat@reddthat.com
1
acme.sh is executing arbitrary commands from a CA (twitter.com)
submitted 2 years ago* (last edited 2 years ago) by reddthat@reddthat.com to c/techsploits@reddthat.com
0 comments fedilink hide all child comments
 

A Chinese certificate authority ("HiCA", hi.cn/en/) is injecting arbitrary commands into the ACME challenge process, which acme.sh then executes on the client machine. Here's my current analysis: https://github.com/acmesh-official/acme.sh/issues/4659

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here