In 2008, Debian Linux announced a severe security vulnerability in its OpenSSL package, limiting the possible keys. In 2024, many DKIM setups still use vulnerable keys. DKIM allows signing emails with a cryptographic key, but a large number of hosts were found to be vulnerable to the Debian OpenSSL bug. Companies configured

From 16years.secvuln.info
Table of contents

DKIM keys vulnerable to Debian OpenSSL bug
How many keys were vulnerable?
Most keys came from one company
Why are people using keys with a vulnerability from 2008 in 2024?
Why is seznam.cz listed as unfixed?
Any other disclosure stories?
Did you find any other vulnerabilities?
How can I check if my DKIM keys are affected by this vulnerability?
What is BIMI?
What is BIMI, really?
What does BIMI have to do with this vulnerability?
Wait, haven't you just said that I need an expensive certificate? Doesn't that mean that there needs to be some signature involved from that certificate?
Can you explain this with an example?
Any other security problems with BIMI?
I am an email provider. Should I implement BIMI?
I develop an email client. Should I implement BIMI?
I am developing a mail server. What should I do about BIMI?
Wait, that works? What about the certificates and all that?
Why have you created a logo for this vulnerability?
Anything else?
