Jump to content

Recommended Posts

Malwarebytes support recommended I post this question here. It is not a false positive report, but a question of website security. Vanguard is a huge investment company and they claim SSL extended validation from Comodo, but the website certificates shown by the browser are Domain Validation from Let's Encrypt which makes no sense. There is a lot of damage that can occur if they are hacked. Their own security page shows the conflict at https://investor.vanguard.com/security-center . The attached has screen captures and if you compare what they say under "How we protect you" for SSL validation with what you see them using, it doesn't match. I've never seen a financial site use Let's Encrypt free Domain Validation certificates and nothing less than Organizational Validation. If they obtained an EV certificate from Comodo, why don't we see it? I've reported it to them, but the email goes to the Let's Encrypt domain. Are we looking at a man in the middle situation? Thanks in advance and be well.

VanguardSslProblem.docx

Link to post
Share on other sites

The Comodo EV certificate for Vanguard has been spotted, but not to cover an account login. Hopefully we are seeing configuration issues that are being worked. If so, this could have been explained by their support at initial contact. I do think it's very important to be careful these days and will wait before logging in.
https://support.vanguard.com/ (Comodo EV) login redirects to https://logon.vanguard.com/logon (Amazon DV)
https://personal.vanguard.com/home.html (Comodo EV) redirects to https://investor.vanguard.com/home (Let's Encrypt DV)

Link to post
Share on other sites

The Comodo EV certificate for Vanguard has been spotted, but not to cover an account login. Hopefully we are seeing configuration issues that are being worked. If so, this could have been explained by their support at initial contact. I do think it's very important to be careful these days and will wait before logging in.
https://support.vanguard.com/ (Comodo EV) login redirects to https://logon.vanguard.com/logon (Amazon DV)
https://personal.vanguard.com/home.html (Comodo EV) redirects to https://investor.vanguard.com/home (Let's Encrypt DV)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.