Websites cannot insulate themselves against a fully-compromised CA, even if they. 17 nov. 2022 · Today I published a blog post at https://ian.sh/etugra, describing several serious security issues I discovered in the e-Tugra certificate authority.I was able to obtain access to two e-Tugra administrative systems using default passwords, which disclosed numerous amounts of subscriber PII and verification details, and appeared to impact e-Tugra's domain control validation processes.