Bugtraq mailing list archives

Re: IE https certificate attack


From: "Diego M. Vadell" <dvadell () uyr com ar>
Date: Tue, 25 Dec 2001 16:12:25 -0300

Hi,
        Just FYI, I did get a warning as soon as I entered http://suspekt.org/ with Konqueror from KDE3beta1.

"The Ip address of the host supekt.org does not match the one the certificate was issued to."

        Diego.




On Tue, 25 Dec 2001 16:14:39 +0100
"Przemyslaw Frasunek" <venglin () freebsd lublin pl> wrote:

On Saturday 22 December 2001 15:37, security () e-matters de wrote:
   A proof of concept webpage was put up at http://suspekt.org. Clicking
   onto the "To the secure page..." link will send your browser to
   https://suspekt.org without IE warning you that the certificate was not
   issued onto that server.

Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
vulnerable. I got no warning when entering this page. I also tested it
with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with the
same result.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw () frasunek com ** PGP: D48684904685DF43EA93AFA13BE170BF *

