Vulnerabilities · HIGH

Vulnerabilities - Qihoo 360 Exposes Wildcard SSL Private Key

Basically, Qihoo 360 accidentally shared a secret key that protects user data, leaving that data vulnerable to attackers.

Quick Summary

Qihoo 360 has leaked its wildcard SSL private key in a public installer. This exposes users to serious security risks, including data interception and impersonation. The company is taking steps to mitigate the fallout.

The Flaw

On March 16, 2026, Qihoo 360, China's largest cybersecurity firm, made a significant operational security blunder. The company bundled its wildcard SSL private key within the public installer of its newly launched AI assistant, 360Qihoo (also known as Security Claw). This key, which is crucial for establishing secure connections, was found unprotected in the installer package. Researchers discovered it while inspecting the directory structure of the software.

The wildcard SSL certificate, issued by WoTrus CA Limited, is valid for all subdomains under the myclaw.360.cn domain. The exposure of this key poses serious risks, as it allows potential attackers to perform high-impact actions, such as intercepting user traffic and impersonating legitimate servers.
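A pre-release check of the kind that catches a private key bundled in an installer, as an added example (not code from the article or from Qihoo 360). The suffix list, the staging layout and all file names are assumptions, and the key bytes are a constructed placeholder rather than a real key.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

# PEM armor for private keys: PKCS#8, encrypted PKCS#8, PKCS#1 RSA, SEC1 EC, DSA, OpenSSH.
PEM_KEY = re.compile(rb"-----BEGIN ((?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY)-----")
KEY_SUFFIXES = {".key", ".p12", ".pfx", ".jks"}  # binary containers carry no PEM armor
MAX_DEPTH = 3  # how many levels of nested archives to open


def scan_bytes(name, data, depth=0):
    """Return (location, reason) findings for one file; zip archives are scanned per member."""
    findings = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    findings += scan_bytes(f"{name}!{info.filename}", zf.read(info), depth + 1)
        return findings
    for m in PEM_KEY.finditer(data):
        label = m.group(1).decode()
        # Legacy PEM encryption keeps the plain label and adds a Proc-Type header.
        legacy = b"Proc-Type: 4,ENCRYPTED" in data[m.end():m.end() + 64]
        state = "encrypted" if legacy or label.startswith("ENCRYPTED") else "UNPROTECTED"
        findings.append((name, f"{state} {label}"))
    if not findings and Path(name).suffix.lower() in KEY_SUFFIXES:
        findings.append((name, "key container by file name"))
    return findings


def scan_tree(root):
    """Scan every regular file under root; a release gate fails when the result is non-empty."""
    return [f for p in sorted(Path(root).rglob("*")) if p.is_file()
            for f in scan_bytes(p.relative_to(root).as_posix(), p.read_bytes())]


def demo():
    """Build a constructed staging tree (placeholder key bytes, not a real key) and scan it."""
    fake_key = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("certs/wildcard.key", fake_key)
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "app").mkdir()
        (Path(tmp) / "app" / "readme.txt").write_text("constructed sample")
        (Path(tmp) / "app" / "resources.zip").write_bytes(buf.getvalue())
        (Path(tmp) / "app" / "client.pfx").write_bytes(b"\x30\x82")
        return scan_tree(tmp)
```

Run against the staged installer contents before signing and publishing; any finding, including an encrypted key, should block the release until someone confirms the file belongs there.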

What's at Risk

The implications of this leak are extensive. With possession of the wildcard SSL private key, an attacker could execute a Man-in-the-Middle (MitM) attack, decrypting all traffic between users and the AI servers. They could also create a fake endpoint that browsers would trust, leading to credential harvesting through convincing login pages. Furthermore, attackers could hijack AI sessions, manipulating queries sent to the backend.

The entire infrastructure of myclaw.360.cn was theoretically compromised the moment the installer was made public. This extensive breach highlights the critical importance of secure software development practices, particularly for a firm trusted by over 461 million users.

Patch Status

Following the public disclosure of the leak, Qihoo 360 took immediate action to revoke the compromised certificate. However, revocation does not take effect instantly. Because clients cache Online Certificate Status Protocol (OCSP) responses, some may still be served a cached response that reports the certificate as valid. The risk therefore persists after revocation until all caches are updated.

The timing of this incident is particularly embarrassing for Qihoo 360. The company's founder had publicly assured users that Security Claw would never leak passwords, a promise that was broken before the product's launch day ended.

Immediate Actions

For users of Qihoo 360's products, it is crucial to remain vigilant. Here are some steps you can take:

  • Change passwords: If you have used the AI assistant, consider changing your passwords for any accounts accessed through it.
  • Monitor accounts: Keep an eye on your accounts for any suspicious activity.
  • Stay updated: Follow Qihoo 360's communications for updates on the situation and any further security measures they may implement.

This incident serves as a stark reminder of the importance of operational security. Companies must prioritize secure coding practices to protect user data and maintain trust.

🔒 Pro insight: This incident underscores the critical need for rigorous operational security practices in software development to prevent similar leaks.

Original article from Cyber Security News · Guru Baran
