Full Disclosure mailing list archives
Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2
From: Alexander Klink <a.klink () cynops de>
Date: Wed, 5 Dec 2007 09:26:18 +0100
Hi, On Sun, Nov 18, 2007 at 10:21:18PM +0100, Nils Toedtmann wrote:
DN="CN=www.example.com" subjectAltName:dNSName=www.example.com subjectAltName:dNSName=www.paypal.com and lures the user to https://www.example.com/. The user gets an "unknown CA" warning, but the "subjectAltName:dNSName" extensions are not shown to him, so the cert looks ok. As he does not plan to
This is particularly annoying as there is no way to actually view the subjectAltNames in Mozilla (except for being able to translate the hexdump in your head). At least they're planning to change the handling of wildcards[0], so it is no longer enough to get that one certificate with a subjectAltName of '*' installed. Best regards, Alex [0]: http://permalink.gmane.org/gmane.comp.mozilla.crypto/8429 -- Dipl.-Math. Alexander Klink | IT-Security Engineer | a.klink () cynops de mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de ----------------------------+----------------------+--------------------- HRB 7833, Amtsgericht | USt-Id: DE 213094986 | Geschäftsführer: Bad Homburg v. d. Höhe | | Martin Bartosch _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Alexander Klink (Dec 05)