Bugtraq mailing list archives
Re: IE SSL Vulnerability (Konqueror affected too)
From: "Thomas C. Greene" <tcgreene () bellatlantic net>
Date: Sun, 11 Aug 2002 22:41:11 -0700
http://theregister.co.uk/content/4/26620.html [....] I've not tested this on IE because several researchers posting to Benham's BugTraq thread (http://online.securityfocus.com/archive/1/286895/2002-08-08/2002-08-14/1) have confirmed the behavior. But I did test it on Mozilla 0.9.4, which Benham says isn't vulnerable, and Konqueror 3.0 (KDE 3.0.2 on SuSE 8.0), which he doesn't mention. Konqueror turned out quite vulnerable. Mozilla was not vulnerable, but I'm not sure if that's because it handled the situation properly, or is, ironically, somehow too buggy to be exploited. I made a simple HTML file with links to the amazon URL. After associating Benham's test-page IP with www.amazon.com in my hosts file I found that in Konqueror, following a link to https://www.amazon.com brought me immediately to the 'you've been hacked' page, indicating total failure. The behavior was the same when I typed the URL into the address bar. With Mozilla the URL, https://www.amazon.com simply went nowhere. No cert warning, no 404, nothing. The browser simply remained on the page from which I started. The behavior was the same when I typed the URL into the address bar. [....] --tcg http://theregister.co.uk
Current thread:
- IE SSL Vulnerability Mike Benham (Aug 06)
- Re: IE SSL Vulnerability Alex Loots (Aug 07)
- Re: IE SSL Vulnerability Mike Benham (Aug 09)
- Re: IE SSL Vulnerability Paweł Krawczyk (Aug 10)
- Re: IE SSL Vulnerability Mike Benham (Aug 09)
- Re: IE SSL Vulnerability Balazs Scheidler (Aug 10)
- Re: IE SSL Vulnerability Balazs Scheidler (Aug 10)
- Re: IE SSL Vulnerability Torbjörn Hovmark (Aug 10)
- Re: IE SSL Vulnerability (Konqueror affected too) Thomas C. Greene (Aug 12)
- <Possible follow-ups>
- RE: IE SSL Vulnerability Pidgorny, Slav (Aug 09)
- Re: IE SSL Vulnerability Torbjörn (Aug 10)
- Re: IE SSL Vulnerability robert walker (Aug 16)
- Re: IE SSL Vulnerability Charles Miller (Aug 19)
- Re: IE SSL Vulnerability J. Lasser (Aug 20)
- Re: IE SSL Vulnerability Charles Miller (Aug 19)
- Re: IE SSL Vulnerability Alex Loots (Aug 07)