Data protection

SSL certificate of a subdomain with a wrong host name

Platform(s)

  • N/A

Compliance Frameworks

Description

The certificate for {Subdomain.Name} belongs to a different hostname. Certificates can authenticate only specific hostnames, stated either in the Common Name (CN) or as an Subject Alternative Name (SAN). Certificates can not guarantee ownership of a subdomain which is not listed in one of those. This means a user could not distinguish access to the correct website and a fake one and opens users of this website to the risk of an MITM attack
Need help?

Get a free Security Risk Assessment. Start today

Orca Security Demo Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.