Re: IE https certificate attack
From: Przemyslaw Frasunek (venglin@freebsd.lublin.pl)Date: 12/25/01
- Previous message: bugzilla@redhat.com: "[RHSA-2001:162-04] Updated namazu packages are available"
- In reply to: security@e-matters.de: "IE https certificate attack"
- Next in thread: Stephen Cope: "Re: IE https certificate attack"
- Reply: Stephen Cope: "Re: IE https certificate attack"
- Reply: Diego M. Vadell: "Re: IE https certificate attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl> To: security@e-matters.de, bugtraq@securityfocus.com Date: Tue, 25 Dec 2001 16:14:39 +0100
On Saturday 22 December 2001 15:37, security@e-matters.de wrote:
> A proof of concept webpage was put up at http://suspekt.org. Clicking
> onto the "To the secure page..." link will send your browser to
> https://suspekt.org without IE warning you that the certificate was not
> issued onto that server.
Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
vulnerable. I've got no warning when entering on this page. I've tested it
also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with the
same result.
-- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
- Previous message: bugzilla@redhat.com: "[RHSA-2001:162-04] Updated namazu packages are available"
- In reply to: security@e-matters.de: "IE https certificate attack"
- Next in thread: Stephen Cope: "Re: IE https certificate attack"
- Reply: Stephen Cope: "Re: IE https certificate attack"
- Reply: Diego M. Vadell: "Re: IE https certificate attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
