AW: IE https certificate attack

Date: 01/03/02

Date: Thu, 3 Jan 2002 15:04:17 +0100 


could it be, that the text-browsers (lynx, links, w3m) don't even
bother comparing the actual server name to the certificate's
"issued for" entry?

I just tested these and none complained:

- lynx 2.8.5dev.2 (with OpenSSL 0.9.6a)
- links 0.96
- w3m 0.1.11-pre
(all on Mandrake Linux 8.1)

Neither did any of them complain when accessing a https web page
with a self-made certificate.

Regards, K.

> Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
> vulnerable. I've got no warning when entering on this page. I've tested it

> also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with
> same result.
> --
> * Fido: 2:480/124 ** WWW: **
> * Inet: ** PGP:
> D48684904685DF43EA93AFA13BE170BF *

Relevant Pages

  • Re: pvp and pve....
    ... you to duel with them, and in turn why do people onPvPonly places complain ... you, and reading in this forum, people seem to complain about Horde waiting ... server, any member of the opposing faction can attack you the moment ... something to turn on your PVP flag). ...
  • Re: NBC mindless venting.
    ... I can't get usenet through my server anymore. ... SCRABBLE on facebook and now I get nothing important done. ... I really have nothing to complain about. ... And all my friends and afore mentioned ...
  • Re: So are you guilty of having (one or more of) "5 bad (restaurant) customer habits"?
    ... want to complain -- if food or service is bad they likely despair of ... The other complaints I cannot relate to: we all order drinks, ... And as long as the server isn't an anus we aren't either. ... promise that if you eat one, the rest will behave. ...
  • Re: Boeing 747 & 777 autoland in crosswind certification video - impressive!
    ... What is happening here is that the server is lying ... the media player is doing more than that. ... imagine that you had a magic gadget that ... > If you want to complain about anyone, complain about the server serving up ...
  • Re: RPC over HTTPS remote users speed question
    ... > complain about outlook freezing and staling when connected to the exchange ... > So based on this i suspect that the users who are complaining dont have a ... > I dont think its the exchcange server because no one else complains about ...