Internet explorer (and others) CA certificate attack
updated since 15.08.2002
Published: 29.11.2003
Source: BUGTRAQ
SecurityVulns ID: 2227
Type: m-i-t-m
Level: 5/10
Description: For intermediate CAs only the signature is checked; the missing basic constraints check allows any valid certificate to be used as a CA certificate.
Affected:
MICROSOFT: Office 2000
MICROSOFT: Internet Explorer 5.5
MICROSOFT: Internet Information Server 5.0
MICROSOFT: Internet Explorer 6.0
KDE: KDE 3.0
TINYSSL: TinySSL 1.03
SUN: JSSE 1.0
OPENCA: OpenCA 0.9
Original document:
Michael Bell, [OpenCA Advisory] Vulnerabilities in signature verification (29.11.2003)
Alex Loots, Incorrect Certificate Validation in Java Secure Socket Extension (28.01.2003)
MICROSOFT, UPDATE: Microsoft Security Bulletin MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) (21.11.2002)
MICROSOFT, Security Bulletin MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (Q328145) (05.09.2002)
Mike Benham, Outlook S/MIME Vulnerability (03.09.2002)
KDE, KDE Security Advisory: Konqueror SSL vulnerability (20.08.2002)
Johan Persson, Insufficient Verification of Client Certificates in IIS 5.0 pre sp3 (20.08.2002)
Adam Megacz, TinySSL Vendor Statement: Basic Constraints Vulnerability (15.08.2002)
Mike Benham, IE SSL Vulnerability (15.08.2002)
Files: IE SSL Exploit
© SecurityVulns, 3APA3A, Vladimir Dubrovin