360 Responds to OpenClaw Private Key Leak, Certificates Revoked


According to Odaily Planet Daily, citing monitoring by 1M AI News, the 360 security team has responded to the OpenClaw wildcard certificate and private key leak, stating that an internal domain certificate was included in the installation package because of a business error. The domain covered by the affected certificate, *.myclaw.360.cn, resolves to the local loopback address 127.0.0.1; the certificate is used only on users' local machines and provides no external services.

After receiving reports from multiple security researchers, 360 has applied for the revocation of this certificate, which is now expired and can no longer be used for any legitimate HTTPS encrypted communication; ordinary users are unaffected. The theoretical risk of man-in-the-middle attacks during the period of exposure still exists, but since the service associated with this certificate ran only in a local environment, the actual risk is relatively limited.

Earlier report: The OpenClaw assistant package from 360 leaked an SSL private key; Zhou Hongyi previously promised, "Never leak passwords."

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.