Mismanagement of Certificate Governance in EU Technical Specifications for Digital COVID Certificates: Potential Use of Non-Production Public Key Certificate in Production

Mismanagement of Certificate Governance in EU Technical Specifications for Digital COVID Certificates: Potential Use of Non-Production Public Key Certificate in Production

CVE-2021-40855 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.

Learn more about our Web Application Penetration Testing UK.