360 Responds to OpenClaw Private Key Leak: Caused by Operational Error, Certificate Limited to Local Use and Revoked

星球日报
星球日报|Mar 17, 2026 07:17
Odaily Planet Daily reports, according to monitoring by 1M AI News, the 360 security team has responded to the wildcard certificate and private key leak incident involving OpenClaw (安全龙虾). They stated that the issue was caused by an operational error, where an internal domain certificate was mistakenly included in the installation package. The affected certificate *.myclaw.(360.cn) resolves to the local loopback address 127.0.0.1 and is only used on the user's local machine, providing no external services. After receiving reports from multiple security researchers, 360 has applied to revoke the certificate, which is now invalid and can no longer be used for any legitimate HTTPS encrypted communication. Regular users are not affected. Although there remains a theoretical risk of man-in-the-middle attacks during the leak period, the actual risk is relatively limited as the certificate's corresponding service only operates in the local environment.
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads