Bugtraq mailing list archives

Re: IE https certificate attack

From: Geoff Joy <geoff () windowmeister com>
Date: Wed, 26 Dec 2001 18:00:09 -0800

Internet Explorer 6.0.2600.0000 with the latest Critical Updates
including Q306121; Q312461; Q313675 is VULNERABLE.

Tested in Windows 2000 Professional 5.0.2195 SP2:
                Patch Found     MS00-077        Q299796
                Patch Found     MS00-079        Q276471
                Patch Found     MS01-007        Q285851
                Patch Found     MS01-013        Q285156
                NOTE            MS01-022        Q296441
                Patch Found     MS01-025        Q296185
                Patch Found     MS01-031        Q299553
                Patch Found     MS01-037        Q302755
                Patch Found     MS01-041        Q298012
                Patch Found     MS01-043        Q303984
                Patch Found     MS01-046        Q252795



Manually checking the certificate reveals that the domain issued to
the certificate does not match the domain of the web site.

Current thread:

IE https certificate attack security (Dec 23)
- Re: IE https certificate attack Dimitris Giannitsaros (Dec 24)
  - Re: IE https certificate attack e-matters GmbH - Securityteam (Dec 24)
    - Re: IE https certificate attack Geoff Joy (Dec 26)
- Re: IE https certificate attack Przemyslaw Frasunek (Dec 25)
  - Re: IE https certificate attack Diego M. Vadell (Dec 25)
  - Re: IE https certificate attack Stephen Cope (Dec 25)
- Re: IE https certificate attack Kevin van Haaren (Dec 25)
- Re: IE https certificate attack Donald King (Dec 26)
- RE: IE https certificate attack The Death (Dec 26)
- <Possible follow-ups>
- FW: IE https certificate attack August September (Dec 26)