Bubba AI, Inc.
2261 Market Street, San Francisco, California, 94114

Finding Title: Wildcard SSL/TLS Certificate In Use

Severity (CVSS 3.1): 0.0 (Informational)

Description:
The server presents a certificate whose subject Common Name or Subject Alternative Name entry begins with a wildcard label ("*."), so it is valid for every hostname under that domain. One private key therefore backs every subdomain the wildcard matches, which broadens the impact of a single certificate compromise: if the certificate's private key is leaked, any subdomain covered by the wildcard can be impersonated. Exploitation requires access to the wildcard certificate's private key, or the ability to get the certificate owner to deploy that key on a less secure system, which makes exploitation moderately difficult. An attacker who compromises one system that holds the wildcard private key can reuse it to impersonate other services and subdomains. Successful exploitation could result in credential theft, user impersonation, man-in-the-middle attacks, or unauthorized access across every service that relies on the same wildcard certificate.

Risk:
• Increased attack surface due to shared trust across multiple subdomains.
• Single point of failure if the certificate/private key is compromised.
• Potential for large-scale impersonation or MITM attacks.
• Difficulty in enforcing least privilege for certificates across services.

Evidence:
Figure 1 - The server uses a wildcard SSL/TLS certificate.

Remediation:
• Replace the wildcard certificate with individual certificates per subdomain. Where a wildcard must remain in use, confine its private key to the hosts that need it and plan to revoke and reissue the certificate if any of those hosts is compromised.

Affected Endpoints:
• comp-ai.test.relayto.com
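The check behind this finding, as an added example that is not part of the RELAYTO report: a small POSIX shell script that lists every DNS name a certificate is valid for and flags the wildcard entries. It assumes the openssl CLI (1.1.1 or later) is on PATH; the example.test names and the self-signed certificates in the self-test are constructed for offline use and are not taken from the assessed environment.

```sh
#!/bin/sh
# Added example, not part of the RELAYTO report: flag wildcard names in the
# certificate a host presents. Assumes the openssl CLI (1.1.1 or later) is on
# PATH. The example.test names below are constructed for the offline self-test.

# list_cert_names FILE
# Print every DNS name a PEM certificate is valid for, one per line: the
# subject Common Name plus each DNS entry of the subjectAltName extension.
list_cert_names() {
  {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
      | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
    openssl x509 -in "$1" -noout -text \
      | tr ',' '\n' \
      | sed -n 's/^[[:space:]]*DNS:[[:space:]]*\([^[:space:]]*\).*/\1/p'
  } | sort -u
}

# wildcard_names FILE
# Print only the wildcard entries (names with a leading "*." label). Exit
# status is 0 when the certificate contains at least one wildcard name and
# 1 otherwise, so the function can drive a scan loop directly.
wildcard_names() {
  list_cert_names "$1" | grep '^\*\.'
}

# fetch_cert HOST [PORT]
# Write the leaf certificate a live server presents for HOST to stdout.
# -servername sends SNI so a virtual-hosted server returns the certificate
# for that name rather than its default one.
fetch_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509
}

# make_test_cert OUT CN SAN
# Constructed self-signed certificate used only for the offline self-test.
# A minimal config is written beside OUT so the command does not depend on
# the system openssl.cnf; the key is written beside OUT and can be discarded.
make_test_cert() {
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1.cnf"
  openssl req -config "$1.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -out "$1" \
    -subj "/CN=$2" -addext "subjectAltName=$3" >/dev/null 2>&1
}

# Example run against a live host (network access required):
#   fetch_cert comp-ai.test.relayto.com > leaf.pem
#   wildcard_names leaf.pem && echo "wildcard certificate in use"
```

The Common Name is checked as well as the SAN list because older certificates carry the wildcard only in the CN; modern clients ignore the CN, but a key that is valid for a wildcard in either place still covers every matching host if it leaks.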

RELAYTO Penetration Test Report - Page 15