A critical flaw in SSL.com’s domain validation system allowed attackers to fraudulently obtain TLS certificates for major domains, including aliyun.com, Alibaba Cloud’s platform. Researchers discovered the vulnerability in SSL.com’s Domain Control Validation (DCV) process, specifically in the “Email to DNS TXT Contact” method. This loophole enabled attackers to bypass proper authorization and obtain certificates for high-profile domains by manipulating DNS records and email addresses. SSL.com has since revoked 11 certificates that were issued between June 2024 and March 2025, addressing the issue quickly within 24 hours of discovery.
The vulnerability allowed attackers to create DNS TXT records with email addresses from target domains, such as aliyun.com. By requesting certificates for these subdomains, the attackers caused the validation system to incorrectly mark the target domain as verified. This flaw allowed for the issuance of unauthorized certificates for major domains, including those of Alibaba Cloud and other businesses. Although no malicious activity has been confirmed, the potential for phishing, HTTPS interception, or impersonation was significant.
In response, SSL.com temporarily disabled the affected DCV method and revoked the fraudulent certificates. The company has committed to improving its validation logic with enhanced checks and manual audits to prevent similar issues in the future. Cybersecurity experts, such as Mika Chen, have raised concerns about the systemic risks in automated certificate authority (CA) processes, highlighting that a single validation error can undermine trust across the internet. This incident has led to calls for better transparency and stronger safeguards in automated validation systems.
While SSL.com took swift action, the incident underscores the fragility of automated validation systems in certificate issuance. The flaw has raised alarms about the reliance on automation in security-critical processes like TLS certificate validation. Experts urge organizations to monitor Certificate Transparency logs for unauthorized issuances and to ensure proper checks are in place. SSL.com’s quick response mitigated immediate harm, but the incident highlights ongoing challenges in maintaining security in automated systems.
