Bugtraq mailing list archives
iphone email client does not validate ssl certificates
From: Bill Borskey <wborskey () gmail com>
Date: Fri, 11 Sep 2009 12:33:33 -0500
Info: iPod/iPhone standard e-mail application does not validate SSL certificates and is vulnerable to a MITM (man in the middle attack). Vulnerable: All versions. Discovered by: William Borskey wborskey () gmail com Discussion: The mail application that ships with the iPod/iPhone does not validate SSL certificates. A malicious user can use software such as ettercap-ng to sniff email passwords without the application warning the victim that the certificate may be invalid. Exploit: This flaw can be exploited with ettercap-ng.
Current thread:
- iphone email client does not validate ssl certificates Bill Borskey (Sep 11)
- Re: iphone email client does not validate ssl certificates Pavel Machek (Sep 28)
- Re: iphone email client does not validate ssl certificates Steve Shockley (Sep 29)
- Re: iphone email client does not validate ssl certificates Pavel Machek (Sep 28)