CyberNews Briefs

Let’s Encrypt to revoke 3 million certificates on March 4 due to software bug

On Wednesday, March 4, the Let’s Encrypt project plans to revoke more than 3 million TLS certificates after it discovered a bug in its backend code. The bug affected Boulder, the server software Let’s Encrypt uses to verify users and their domains before it issues a certificate. Specifically, the flaw affected Boulder’s implementation of the Certificate Authority Authorization (CAA) specification.

Let’s Encrypt, which is a Certificate Authority, must follow specific CAA guidelines by law or face steep penalties. In a post made on Saturday, Let’s Encrypt disclosed that the bug caused Boulder to ignore CAA checks. Although the bug was patched on Saturday, the organization plans to revoke all certificates that were issued while the bug was in effect.

OODA Analyst