Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates

By [email protected] (Swati Khandelwal) A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL certificates.

The flaw, discovered by Chris Byrne, an information security consultant and instructor for Cloud Harmonics, could allow an unauthenticated attacker to retrieve other persons’ SSL certificates, including public and

Via:: Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates