Why does pinning a CA root certificate not present a security risk?

Published: 11/07/2019
Source: SECURITY.STACKEXCHANGE.COM

AWS recommends pinning their root certificate when implementing SSL pinning. My understanding is that SSL pinning for mobile applications mitigates a situation where an attacker has installed a malicious certificate on the device's certificate store. However, if an app is instructed to trust all certificates signed by AWS, couldn't an attacker trivially buy a malicious cert from AWS and install
