Status
Not open for further replies.

Jack

Administrator
Verified
Staff member
Hackers managed to compromise the website of Comodo Brazil and extracted sensitive information about the company's SSL certificate customers.

It seems the attack vector used in this case was SQL injection. A partial database dump was posted on pastebin.com Saturday together with information about the vulnerability.

The compromised data includes certificate authority name, email, fax, phone number, order number, certificate request, private key file name and other details.

Customer details like organization names, addresses, telephones, domain names, type of web servers, serial numbers and more, are also included.


There is also a list of what appears to be employee accounts, with @comodobr.com email addresses and hashed passwords. The password for an account called validacao@comodobr.com (validation@) is listed in plain text.

The password was most likely posted like this intentionally by attackers, because all hashes appear to be unsalted MD5 and are trivial to crack.

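The weakness the post above attributes to unsalted MD5, shown as an added example that is not part of the original post: a credential-store audit that flags accounts sharing a digest or matching a precomputed wordlist, next to a salted scrypt replacement. The rows, the wordlist and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample rows; not taken from the leaked dump.
LEGACY_ROWS = {
    "alice@example.test": hashlib.md5(b"summer2011").hexdigest(),
    "bob@example.test": hashlib.md5(b"summer2011").hexdigest(),
    "carol@example.test": hashlib.md5(b"Tr0ub4dor&3-long-unique").hexdigest(),
}
COMMON_PASSWORDS = ["123456", "password", "summer2011"]  # tiny stand-in wordlist


def audit_unsalted_md5(rows, wordlist):
    """Return (accounts sharing a digest, accounts whose digest is in the wordlist)."""
    # Without a salt, one precomputed table covers every account at once.
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    by_digest = {}
    for user, digest in rows.items():
        by_digest.setdefault(digest, []).append(user)
    shared = sorted(u for users in by_digest.values() if len(users) > 1 for u in users)
    weak = sorted(u for u, d in rows.items() if d in table)
    return shared, weak


def hash_password(password, salt=None):
    """Hardened storage: per-user random salt plus memory-hard scrypt."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return hmac.compare_digest(candidate, digest)
```

With a per-user salt, the same password produces a different stored value for every account, so neither the shared-digest check nor a single precomputed table applies.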

Deleted member 178

RE: Sensitive Data Extracted from Comodo Brazil Website

They should install CIS ^^ ok I leave...
 

Valentin N

New Member
RE: Sensitive Data Extracted from Comodo Brazil Website

This is a second time now. I hope Comodo takes care of it.
 

Littlebits

Retired Staff
RE: Sensitive Data Extracted from Comodo Brazil Website

There have been several security sites hacked recently, which proves that if a hacker wants to get in, sooner or later they will. This must be a big embarrassment to Comodo since they issue trust certificates and their motto is "Creating Trust Online".:lol:

Thanks.:D
 

moonshine

Level 7
Verified
RE: Sensitive Data Extracted from Comodo Brazil Website

Bad job for Comodo at securing their site, Thumbs Down for Comodo.
 

Deleted member 178

RE: Sensitive Data Extracted from Comodo Brazil Website

Maybe Melih will find another good reason to explain it to his fanboys, after the Iran conspiracy; maybe Chinese now ^^
 

HeffeD

New Member
RE: Sensitive Data Extracted from Comodo Brazil Website

BoXX28 said:
Bad job for Comodo at securing their site, Thumbs Down for Comodo.

It wasn't Comodo's site. It was a reseller.

Unfortunately, the majority of the people (as evidenced here) will not understand the distinction.
 

Deleted member 178

RE: Sensitive Data Extracted from Comodo Brazil Website

It wasn't Comodo's site. It was a reseller.
Unfortunately, the majority of the people (as evidenced here) will not understand the distinction.

So people should not post a thread with approximate info. For me, Comodo Brazil or Comodo Jupiter is Comodo.
 

HeffeD

New Member
RE: Sensitive Data Extracted from Comodo Brazil Website

umbrapolaris said:
So people should not post a thread with approximate info. For me, Comodo Brazil or Comodo Jupiter is Comodo.

Exactly my point. It reflects badly on Comodo because people see Comodo Whatever and assume it is Comodo that has been hacked, when in fact it is only someone who sells Comodo products. They should really differentiate things better between the company and resellers so there isn't this confusion.
 

eXPerience

Level 1
RE: Sensitive Data Extracted from Comodo Brazil Website

Anyway, this is the most intriguing part for me :


The site is protected by Comodo + is an official Comodo reseller... imo, the leak doesn't only apply to the reseller, it applies to Comodo...
Oh and btw, as it's protected by Comodo, it's unleakable, or at least that's what Melih told me :sleepy:

eXp
 

Deleted member 178

RE: Sensitive Data Extracted from Comodo Brazil Website

I never trusted Comodo CEO ^^ and less now hahaha
 

HeffeD

New Member
RE: Sensitive Data Extracted from Comodo Brazil Website

The hacker shield is a daily check to make sure all is legit within the website. (Looking for redirected links or similar, I'd assume...) It isn't an intrusion detection or dynamic protection system.

In other words, if someone wanted to access data on the reseller's servers, hacker shield wouldn't protect against this.
 

jamescv7

Level 85
Verified
Trusted
RE: Sensitive Data Extracted from Comodo Brazil Website

eXPerience said:
Anyway, this is the most intriguing part for me :


The site is protected by Comodo + is an official Comodo reseller... imo, the leak doesn't only apply to the reseller, it applies to Comodo...
Oh and btw, as it's protected by Comodo, it's unleakable, or at least that's what Melih told me :sleepy:

eXp

With that picture, as far as I know some rogue sites have this logo.
 

eXPerience

Level 1
RE: Sensitive Data Extracted from Comodo Brazil Website

HeffeD said:
The hacker shield is a daily check to make sure all is legit within the website. (Looking for redirected links or similar, I'd assume...) It isn't an intrusion detection or dynamic protection system.

In other words, if someone wanted to access data on the reseller's servers, hacker shield wouldn't protect against this.

Ok, that's one thing cleared up then =)

I'm guessing that the reseller will now be a bit more careful and hope that Comodo gives the others some guidelines on how to protect themselves ...
Even though it might just have been a reseller (which is already bad enough), as they're selling Comodo products, people will not make the difference between them and therefore start to distrust Comodo.

eXp
 

HeffeD

New Member
RE: Sensitive Data Extracted from Comodo Brazil Website

Agreed.

People will just see the Comodo name and assume (as they already have) that it is Comodo. So anyone using Comodo's name will reflect badly on Comodo when something like this happens. So it would really be in the best interest of Comodo to ensure that resellers' security is up to certain corporate standards.

It's fairly easy to protect against SQL injection, so something like this didn't need to happen.
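The defence the post above refers to, as an added example that is not part of the original post: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite table. The schema, rows, input string and function names are constructed; nothing here reflects the reseller's actual code or database.

```python
import sqlite3

# Constructed hostile input: a textbook tautology that rewrites the WHERE clause.
HOSTILE_INPUT = "x' OR '1'='1"


def make_db():
    # Constructed schema and rows, loosely modelled on field types the
    # article lists (order number, organization, email); not real data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (order_no TEXT, organization TEXT, email TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        ("1001", "Example Org A", "admin@a.example"),
        ("1002", "Example Org B", "admin@b.example"),
    ])
    return db


def lookup_vulnerable(db, order_no):
    # Input is spliced into the SQL text, so it can change the query's structure.
    sql = "SELECT organization, email FROM orders WHERE order_no = '" + order_no + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, order_no):
    # Bound parameter: the value travels separately from the SQL text and is
    # only ever compared as data, whatever characters it contains.
    sql = "SELECT organization, email FROM orders WHERE order_no = ?"
    return db.execute(sql, (order_no,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_vulnerable(db, HOSTILE_INPUT))
    print("parameterized:", lookup_safe(db, HOSTILE_INPUT))
```

The concatenated version returns every row for the constructed input, while the parameterized version returns none because no order has that literal value as its number.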
 

LoftedAphid86

New Member
RE: Sensitive Data Extracted from Comodo Brazil Website

HeffeD said:
Agreed.

People will just see the Comodo name and assume (as they already have) that it is Comodo. So anyone using Comodo's name will reflect badly on Comodo when something like this happens. So it would really be in the best interest of Comodo to ensure that resellers' security is up to certain corporate standards.

It's fairly easy to protect against SQL injection, so something like this didn't need to happen.

I've added [RESELLER] to the title so as to make the distinction clear for us at least.
 