Bugtraq mailing list archives
Re: IE https certificate attack
From: "Diego M. Vadell" <dvadell () uyr com ar>
Date: Tue, 25 Dec 2001 16:12:25 -0300
Hi,

Just FYI, I did get a warning as soon as I entered http://suspekt.org/ with Konqueror from KDE3beta1.

"The Ip address of the host supekt.org does not match the one the certificate was issued to."

Diego.

On Tue, 25 Dec 2001 16:14:39 +0100 "Przemyslaw Frasunek" <venglin () freebsd lublin pl> wrote:

> On Saturday 22 December 2001 15:37, security () e-matters de wrote:
>
>> A proof of concept webpage was put up at http://suspekt.org. Clicking onto the "To the secure page..." link will send your browser to https://suspekt.org without IE warning you that the certificate was not issued onto that server.
>
> Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also vulnerable. I've got no warning when entering on this page. I've tested it also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with the same result.
>
> --
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw () frasunek com ** PGP: D48684904685DF43EA93AFA13BE170BF *