Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/ryanc/statuses/114190560707672619">Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 20-Mar-2025 03:41:21 JST</a><a href="https://infosec.exchange/@ryanc" title="ryanc@infosec.exchange"><img src="https://gnusocial.jp/avatar/174285-48-20231204225121.webp" width="48" height="48" alt="Ryan Castellucci :nonbinary_flag:" style="position: absolute; left: 0; top: 0;">Ryan Castellucci :nonbinary_flag:</a><div><a href="https://infosec.exchange/@kajer/114190549690358602" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/161036" title="cr0w@infosec.exchange">cR0w :cascadia:</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@kajer">@kajer</a> <a href="https://infosec.exchange/@cR0w">@cR0w</a> I just spoke with someone from let's encrypt who has looked at the relevant code in a number of implementations and they confirm CIDR ranges aren't honored in SANs.</p><p>If I had an exploit which would allow this, I would now be dropping it because it would be funny, but alas...</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4759858#notice-9323900">In conversation</a><time datetime="2025-03-20T03:41:21+09:00" title="Thursday, 20-Mar-2025 03:41:21 JST">about a month ago</time> <span>from <span><a href="https://gnusocial.jp/notice/9323900" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/9323900">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 20-Mar-2025 03:41:21 JSTRyan Castellucci :nonbinary_flag:
in reply to
- kajer
- cR0w :cascadia:
@kajer @cR0w I just spoke with someone from let's encrypt who has looked at the relevant code in a number of implementations and they confirm CIDR ranges aren't honored in SANs.
If I had an exploit which would allow this, I would now be dropping it because it would be funny, but alas...
In conversationabout a month ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice