@kenord wrote:
I work for a potential Pagerduty customer and am performing my IT security due-diligence on the company and services, and I see that Pagerdury does not monitor for nor correct insecure configurations on their websites and public servers. For example, expired certificates. Can someone from Pagerduty reply as to why this is and what you intend to do about it, please?
COLLECTION TARGET PORT CERTIFICATE AUTHORITY START DATE EXPIRATION DATE
54.227.252.125 443 DigiCert Inc Mar 22, 2016 12:00:00 am Mar 27, 2017 1:00:00 pm
23.21.199.182 443 GeoTrust Inc. Sep 20, 2015 8:18:50 am Sep 22, 2018 7:51:37 pm
54.235.249.128 443 DigiCert Inc Mar 22, 2016 12:00:00 am Mar 27, 2017 1:00:00 pm
23.23.109.49 443 GeoTrust Inc. Feb 14, 2016 5:21:09 am Feb 16, 2019 5:17:23 pm
54.225.222.194 443 DigiCert Inc Jun 21, 2016 12:00:00 am Jun 28, 2017 1:00:00 pm
54.197.254.249 443 GeoTrust Inc. Feb 14, 2016 5:21:09 am Feb 16, 2019 5:17:23 pm
54.225.239.129 443 GeoTrust Inc. Feb 14, 2016 5:21:09 am Feb 16, 2019 5:17:23 pm
54.225.182.165 443 DigiCert Inc Jun 21, 2016 12:00:00 am Jun 28, 2017 1:00:00 pm
23.23.153.154 443 GeoTrust Inc. Sep 20, 2015 8:18:50 am Sep 22, 2018 7:51:37 pm
23.23.143.96 443 GeoTrust Inc. Sep 20, 2015 8:18:50 am Sep 22, 2018 7:51:37 pm
50.16.250.166 443 DigiCert Inc Mar 22, 2016 12:00:00 am Mar 27, 2017 1:00:00 pmAll are easily discovered and tested using the likes of sslscan.
I’ll be watching to see how long it takes for these to be resolved and if future weaknesses go unaddressed.
Posts: 1
Participants: 1