Popular certificate authority StartSSL (StartCom) has resolved a security vulnerability in its domain validation process that could be abused by attackers to issue certificates for domains they do not own.

StartCom, the sixth largest certificate authority in the world, offers trusted identity and authentication services, and also provides site owners with free StartSSL certificates. The free StartSSL certificates were setup to be domain or email validated, but security researcher Osama Almanna recently discovered a flaw in the domain validation process that allowed him to validate a domain he did not own.