
e-Tugra vulnerabilities

Updated on 2022-12-01: e-Tugra vulnerabilities

Security researcher Ian Carroll has disclosed a series of misconfigurations in the infrastructure of e-Tugra, a Turkey-based certificate authority. Carroll said the misconfigured infrastructure allowed them to gain access to backend systems controlling the CA’s systems and even to massive troves of highly sensitive customer data. Read more: Security concerns with the e-Tugra certificate authority

“In many regards, certificate authorities are audited comprehensively against industry-specific audit standards. Certificate authorities also routinely get hacked. Despite this, not a single certificate authority runs a bug bounty program, and of the major CAs, only GlobalSign and Let’s Encrypt even offer a security.txt to help disclose issues. Only an annual penetration is generally required of CAs.”

Overview: e-Tugra certificate authority exposing internal systems to the internet

Certificate authorities are important. They issue the HTTPS certificates that vouch for the legitimacy of the websites you visit, and they are trusted by the big browsers. But Carroll found that e-Tugra, a Turkey-based certificate authority, had exposed internal administrative tools and systems to the internet, with their default credentials published on the exposed pages themselves. Carroll received no response from the authority after privately disclosing the issue.
