The severity is HIGH due to the exposure of a wildcard SSL private key, which could allow attackers to decrypt traffic and perform man-in-the-middle attacks on any subdomain under myclaw.360.cn. The certificate was issued by WoTrus CA Limited, a rebranded fraudulent CA from Qihoo 360.
Qihoo 360's AI product installer contained a wildcard SSL private key for *.myclaw.360.cn, issued by their subsidiary WoTrus CA Limited. This exposes all subdomains under myclaw.360.cn to man-in-the-middle attacks and compromises encrypted traffic until the certificate is revoked or replaced. Affected users include those using 360 Security Lobster.
Affected Systems
- 360 Security Lobster
Affected Versions: All versions of the public installer for 360 Security Lobster
Remediation
- Immediately revoke and replace the compromised wildcard SSL certificate for *.myclaw.360.cn.
- Update the public installer to remove any private key data.
- Monitor network traffic for signs of unauthorized access or man-in-the-middle attacks.
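A release-gate check for the second remediation step, as an added example that is not part of the original advisory or the vendor's tooling: it scans an already-unpacked installer tree for PEM private key blocks, including ones embedded inside binary files. The function names, directory layout and sample payload are constructed for illustration; keys stored in non-PEM form (DER, PKCS#12) or inside still-compressed archives are outside what it detects.

```python
import os
import re
import tempfile

# PEM private key blocks: PKCS#8 ("PRIVATE KEY"), encrypted PKCS#8, and the
# legacy RSA/EC/DSA forms. The backreference requires a matching END label.
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----"
    rb"[A-Za-z0-9+/=\s:,\-]*?"
    rb"-----END \1-----"
)

def scan_file(path):
    """Return (byte offset, key label) for each PEM private key block in a file."""
    with open(path, "rb") as fh:  # read as bytes: keys may sit inside binaries
        data = fh.read()
    return [(m.start(), m.group(1).decode()) for m in PEM_KEY.finditer(data)]

def scan_tree(root):
    """Walk an unpacked installer tree; return (relative path, offset, label)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            for offset, label in scan_file(full):
                findings.append((os.path.relpath(full, root), offset, label))
    return sorted(findings)

def demo():
    """Scan a constructed payload tree (the key body below is not a real key)."""
    fake_key = (b"-----BEGIN PRIVATE KEY-----\n"
                b"Q09OU1RSVUNURUQgU0FNUExFIE5PVCBBIEtFWQ==\n"
                b"-----END PRIVATE KEY-----\n")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "resources"))
        with open(os.path.join(root, "resources", "bundle.bin"), "wb") as fh:
            fh.write(b"\x00\x01binary-prefix" + fake_key + b"\xff\xfe")
        # A public certificate alone must not trip the gate.
        with open(os.path.join(root, "server.crt"), "wb") as fh:
            fh.write(b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, offset, label in demo():
        print(f"BLOCK RELEASE: {label} found in {path} at byte {offset}")
```

In a build pipeline, a non-empty result from scan_tree on the staged installer contents would fail the release.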
Stack Impact
This issue impacts SSL/TLS-encrypted services that use the certificate issued by WoTrus CA Limited for *.myclaw.360.cn.