Cloudflare identified 12 mis-issued TLS certificates for its 1.1.1.1 DNS service, all originating from Microsoft-trusted Fina CA since February 2024. This "unacceptable lapse" by Fina CA, attributed to an internal testing error, presented a significant security vulnerability that could have allowed decryption of DNS queries or user redirection. While all certificates are now revoked and no malicious use has been detected, the incident underscores critical supply chain security risks within internet infrastructure and highlights Cloudflare's acknowledged delay in detection via Certificate Transparency.
A significant security incident has emerged involving Cloudflare (NET), with the discovery of twelve mis-issued TLS certificates for its 1.1.1.1 DNS service since February 2024. The certificates, originating from Microsoft-trusted Certificate Authority Fina CA, created a critical vulnerability that could have enabled the cryptographic impersonation of Cloudflare's services to decrypt user DNS queries. Fina CA attributed the mis-issuance to an internal testing error, but Cloudflare has labeled it an "unacceptable lapse in security." While all certificates have been revoked and Cloudflare reports no evidence of malicious exploitation, the company acknowledged its own monitoring failure, stating it "should have caught and responded to [it] earlier." This event, carrying a 'moderately negative' sentiment, underscores a material supply chain risk within the internet's core infrastructure, as the failure originated from a trusted third-party vendor, impacting a key service for a major security provider.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
moderately negative
Sentiment Score
-0.50
Ticker Sentiment
