Re: IE https certificate attack
From: Donald King (donald_king@mail.com)Date: 12/26/01
- Previous message: Lesha Pavlov: "msql DoS"
- In reply to: security@e-matters.de: "IE https certificate attack"
- Next in thread: The Death: "RE: IE https certificate attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Donald King <donald_king@mail.com> To: bugtraq@securityfocus.com Date: Wed, 26 Dec 2001 12:32:15 -0600
On Sat 22 Dec 2001 08:37, security@e-matters.de wrote:
[Snip]
> A flaw in Microsoft Internet Explorer allows an attacker to perform
> a SSL Man-In-The-Middle attack without the majority of users
> recognising it. In fact the only way to detect the attack is to manually
> compare the server name with the name stored in the certificate.
>
[Snip]
I have confirmed the following on my own system:
* Konqueror 2.1 is VULNERABLE;
* Mozilla 0.9.6 is not vulnerable;
* Netscape 4.75 is not vulnerable.
-- Donald King, a.k.a. Chronos Tachyon http://chronos.dyndns.org/ -- WWED? Guardian of Eristic Paraphernalia Gatekeeper of the Region of Thud 12:17pm up 59 days, 16:03, 1 user, load average: 0.13, 0.13, 0.09
- Previous message: Lesha Pavlov: "msql DoS"
- In reply to: security@e-matters.de: "IE https certificate attack"
- Next in thread: The Death: "RE: IE https certificate attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
