FW: IE https certificate attack
From: August September (august_september@hotmail.com)
Date: 12/26/01
- Previous message: wcne: "Re: PGP Plugin for Outlook can send unencrypted messages"
- Maybe in reply to: security@e-matters.de: "IE https certificate attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "August September" <august_september@hotmail.com>
To: bugtraq@securityfocus.com
Date: Wed, 26 Dec 2001 16:57:16 +0500
Hello,
I've been reading this thread and it reminded me of a similar case (I don't
know if it really classifies as a bug, so I haven't reported it).
Once I had to embed a non-secure object coming from another server in my
secure page (only available over https), then I did the following: I wrote a
simple redirect script like this:
<?php
// Redirect the request to the address given in the "url" query parameter.
$url = $_GET['url'];
header("Location: " . $url);
?>
and on the real page requested the object through that script like this:
<img src="redirect.php?url=http://non.secure.server">
Both IE and Mozilla displayed this object without any warning.
August
>-----Original Message-----
>From: security@e-matters.de [mailto:security@e-matters.de]
>Sent: Saturday, December 22, 2001 4:37 PM
>To: bugtraq@securityfocus.com
>Subject: IE https certificate attack
>
>
> e-matters GmbH
> www.e-matters.de
>
> -= Security Advisory =-
>
>
>
> Advisory: Internet Explorer HTTPS certificate attack
> Release Date: 2001/12/22
> Author: Stefan Esser [s.esser@e-matters.de]
>
> Application: Microsoft Internet Explorer 5.0/5.5/6.0
> Severity: Vulnerability in IE's SSL Certificate handling allows
> undetected SSL Man-In-The-Middle attacks
> Risk: Very High
> Vendor Status: Notified
> Reference: http://security.e-matters.de/advisories/012001.html
>
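Added example, not part of the original post or of any project's code: a version of the redirect script described above that only forwards to absolute https URLs on an allow-list, so it cannot be used to pull plain-http content into a secure page. The host names and the function name safe_redirect_target are assumptions made for illustration.

```php
<?php
// Hardened redirect.php (added example). Host names are placeholders.
const ALLOWED_HOSTS = ['static.example.com', 'images.example.net'];

// Returns $raw only if it is an absolute https URL on an allow-listed host.
function safe_redirect_target(string $raw): ?string
{
    // Control characters (CR/LF) allow header injection; browsers read "\" as "/".
    if ($raw === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative or malformed URL
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return null; // a plain-http target would weaken the https page
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // userinfo can disguise the real host
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    return $raw;
}

if (PHP_SAPI !== 'cli') {
    // Web request: redirect only to a validated target.
    $raw = $_GET['url'] ?? null;
    $target = is_string($raw) ? safe_redirect_target($raw) : null;
    if ($target === null) {
        http_response_code(400);
        exit('Bad redirect target');
    }
    header('Location: ' . $target, true, 302);
    exit;
}

// Command line: run the check over constructed sample inputs.
$samples = [
    'http://non.secure.server',                      // plain http, as in the post
    'https://static.example.com/logo.png',           // https on an allow-listed host
    'https://static.example.com@other.example.org/', // userinfo before the real host
    "https://static.example.com/\r\nX-A: b",         // CR/LF in the value
];
foreach ($samples as $u) {
    $verdict = safe_redirect_target($u) === null ? 'reject' : 'allow';
    printf("%-52s %s\n", json_encode($u), $verdict);
}
```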