Bugtraq mailing list archives
Re: IE https certificate attack
From: Geoff Joy <geoff () windowmeister com>
Date: Wed, 26 Dec 2001 18:00:09 -0800
Internet Explorer 6.0.2600.0000 with the latest Critical Updates including Q306121; Q312461; Q313675 is VULNERABLE. Tested in Windows 2000 Professional 5.0.2195 SP2: Patch Found MS00-077 Q299796 Patch Found MS00-079 Q276471 Patch Found MS01-007 Q285851 Patch Found MS01-013 Q285156 NOTE MS01-022 Q296441 Patch Found MS01-025 Q296185 Patch Found MS01-031 Q299553 Patch Found MS01-037 Q302755 Patch Found MS01-041 Q298012 Patch Found MS01-043 Q303984 Patch Found MS01-046 Q252795 Manually checking the certificate reveals that the domain issued to the certificate does not match the domain of the web site.
Current thread:
- IE https certificate attack security (Dec 23)
- Re: IE https certificate attack Dimitris Giannitsaros (Dec 24)
- Re: IE https certificate attack e-matters GmbH - Securityteam (Dec 24)
- Re: IE https certificate attack Geoff Joy (Dec 26)
- Re: IE https certificate attack e-matters GmbH - Securityteam (Dec 24)
- Re: IE https certificate attack Przemyslaw Frasunek (Dec 25)
- Re: IE https certificate attack Diego M. Vadell (Dec 25)
- Re: IE https certificate attack Stephen Cope (Dec 25)
- Re: IE https certificate attack Kevin van Haaren (Dec 25)
- Re: IE https certificate attack Donald King (Dec 26)
- RE: IE https certificate attack The Death (Dec 26)
- <Possible follow-ups>
- FW: IE https certificate attack August September (Dec 26)
- Re: IE https certificate attack Dimitris Giannitsaros (Dec 24)