Users who want to use free StartSSL certificates can take advantage of their StartEncrypt offering.
They only need to download a Linux client that they are required to upload to their servers.
This means the client was exposed to Open Redirect vulnerabilities.
However, this feature is not that simple to use.
While the first condition was quite uncommon, the second was not.
Moreover, StartEncrypt is vulnerable to a Duplicate-Signature Key Selection attack, just like Let's Encrypt.
Furthermore, they didn't learn from the issues Let's Encrypt faced when in beta.
StartCom has released a new version of the StartEncrypt Linux client, with the same version number 1.0.0.1.
Source: Softpedia
source: www.techworm.net