Re: **maillist:: Outlook S/MIME Vulnerability

From: Thomas Seliger (SQEHXLLBQUJX@spammotel.com)
Date: 09/03/02


Date: Tue, 03 Sep 2002 16:06:39 +0200
From: Thomas Seliger <SQEHXLLBQUJX@spammotel.com>
To: bugtraq@securityfocus.com

Since the failure to check the certificate chain correctly seems to be
buried deeper in Windows (maybe in some DLL? Some info from Microsoft
would be greatly appreciated, but their security offensive seems to be
hot air anyway), I could imagine more possibilities to exploit it:

* certificates of components:
Anyone tried to spoof the certificates of components (like plugins) that
are installed if you click on them?

* certificates used for IPSec authentication:
Windows 2000 includes an IPSec implementation; authentication can be done
by certificates. If I remember correctly, you can define a CA that is
signing your IPSec partners, so that you can trust the IPSec connection
partner. Can you spoof that also?

cu
Thomas Seliger


