Re: IE https certificate attack
From: Stephen Cope (mail-e-23aa7ea58416034f88@kimihia.org.nz)
Date: 12/25/01
Date: Wed, 26 Dec 2001 10:13:19 +1300
From: Stephen Cope <mail-e-23aa7ea58416034f88@kimihia.org.nz>
To: bugtraq@securityfocus.com

Przemyslaw Frasunek wrote:
: Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
: vulnerable. I've got no warning when entering on this page. I've tested it

Using Konqueror 2.2.1.0-6 (no kdebase-crypto and kdelibs3-crypt) on Debian
woody I was warned:

    The IP address of the host suspekt.org does not match the one the
    certificate was issued to.

After clicking "Continue" I was asked:

    Would you like to accept this certificate forever without being
    prompted?

"Current Session Only" was the default button for the dialog.

Mozilla 0.9.6 complained that the host and certificate didn't match:

    You have attempted to establish a connection with "suspekt.org".
    However, the security certificate presented belongs to
    "ssl.e-matters.de". It is possible, though unlikely, that someone
    may be trying to intercept your communication with this web site.

Galeon 1.0 (which embeds Gecko) had the same response, and then stopped
solid as a rock.

Skipstone 0.7.6 (which embeds Gecko) stopped solid like a rock.

w3m 0.2.1-inu-1.5 did not complain.

-- Stephen Cope - http://sdc.org.nz/
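
The comparison behind the warnings quoted in the message above, as an added example that is not part of the original post and is not any of these browsers' code: the host the user asked for is checked against the names in the presented certificate. The dictionary layout follows Python's `ssl.SSLSocket.getpeercert()`; both certificates, the function names and the `example.test` domain are constructed for illustration.

```python
# Added example: compare the requested host with the names in a certificate.
# Dict layout follows ssl.SSLSocket.getpeercert(); the sample data is constructed.

def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.org": need two fixed labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def presented_names(cert):
    """DNS subjectAltName entries, else the subject commonName (older certs)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def check_host(requested, cert):
    """Return (ok, names): ok is False when no certificate name covers the host."""
    names = presented_names(cert)
    return any(dns_name_matches(n, requested) for n in names), names


# Constructed certificate carrying the name Mozilla reported in the message.
SAMPLE_CERT = {"subject": ((("commonName", "ssl.e-matters.de"),),)}
# Constructed wildcard certificate (example.test is a placeholder domain).
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.test"),)}

if __name__ == "__main__":
    for host, cert in [("suspekt.org", SAMPLE_CERT),
                       ("ssl.e-matters.de", SAMPLE_CERT),
                       ("www.example.test", WILDCARD_CERT),
                       ("a.b.example.test", WILDCARD_CERT)]:
        ok, names = check_host(host, cert)
        verdict = "match" if ok else "MISMATCH: stop before sending any request"
        print(f"{host!r} vs {names}: {verdict}")
```

A client that skips this comparison, or that lets the user dismiss it permanently, cannot tell a valid certificate for one site from the certificate of the site it meant to reach.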