If you can inject arbitrary malicious routes, you can make ACME requests for a new cert.
You can mitigate this with DNSSEC, CAA records and account pinning. See: https://www.devever.net/~hl/xmpp-incident
alt Hacker News
You can mitigate this with DNSSEC, CAA records and account pinning. See: https://www.devever.net/~hl/xmpp-incident