Re: IE https certificate attack
From: Diego M. Vadell (dvadell@uyr.com.ar)Date: 12/25/01
- Previous message: bugtraq: "GOBBLES CGI MARATHON #003"
- In reply to: Przemyslaw Frasunek: "Re: IE https certificate attack"
- Next in thread: Kevin van Haaren: "Re: IE https certificate attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Dec 2001 16:12:25 -0300 From: "Diego M. Vadell" <dvadell@uyr.com.ar> To: bugtraq@securityfocus.com
Hi,
Just FYI, I did get a warning as soon as I entered http://suspekt.org/ with Konqueror from KDE3beta1.
"The Ip address of the host supekt.org does not match the one the certificate was issued to."
Diego.
On Tue, 25 Dec 2001 16:14:39 +0100
"Przemyslaw Frasunek" <venglin@freebsd.lublin.pl> wrote:
> On Saturday 22 December 2001 15:37, security@e-matters.de wrote:
> > A proof of concept webpage was put up at http://suspekt.org. Clicking
> > onto the "To the secure page..." link will send your browser to
> > https://suspekt.org without IE warning you that the certificate was not
> > issued onto that server.
>
> Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
> vulnerable. I've got no warning when entering on this page. I've tested it
> also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with the
> same result.
>
> --
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
- Previous message: bugtraq: "GOBBLES CGI MARATHON #003"
- In reply to: Przemyslaw Frasunek: "Re: IE https certificate attack"
- Next in thread: Kevin van Haaren: "Re: IE https certificate attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
