FW: IE https certificate attack

["August September" <august_september () hotmail com>]

Hello,


I've been reading this thread and it remembered me a similar case (I don't 
know if it really classifies as a bug, so I haven't reported it).

Once I had to embed a non-secure object coming from another server to my 
secure page (only available over https), then i did the following: i wrote a 
simple redirect script like this

<?php

header("Location:".$url);

?>

and on the real page asked object through that script like this

<img src="redirect.php?url=http://non.secure.server";>


Both IE and Mozilla displayed this object without any warning.


August



> -----Original Message-----
> From: security () e-matters de [mailto:security () e-matters de]
> Sent: Saturday, December 22, 2001 4:37 PM
> To: bugtraq () securityfocus com
> Subject: IE https certificate attack
>
>
>                            e-matters GmbH
>                           www.e-matters.de
>
>                       -= Security  Advisory =-
>
>
>
>      Advisory: Interner Explorer HTTPS certificate attack
>  Release Date: 2001/12/22        Author: Stefan Esser 
> [s.esser () e-matters de]
>
>   Application: Microsoft Internet Explorer 5.0/5.5/6.0
>      Severity: Vulnerability in IE's SSL Certificate handling allows
>                undetected SSL Man-In-The-Middle attacks
>          Risk: Very High
> Vendor Status: Notified
>     Reference: http://security.e-matters.de/advisories/012001.html


_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com