Bugtraq mailing list archives
Re: IE https certificate attack
From: Donald King <donald_king () mail com>
Date: Wed, 26 Dec 2001 12:32:15 -0600
On Sat 22 Dec 2001 08:37, security () e-matters de wrote: [Snip]
A flaw in Microsoft Internet Explorer allows an attacker to perform a SSL Man-In-The-Middle attack without the majority of users recognising it. In fact the only way to detect the attack is to manually compare the server name with the name stored in the certificate.
[Snip] I have confirmed the following on my own system: * Konqueror 2.1 is VULNERABLE; * Mozilla 0.9.6 is not vulnerable; * Netscape 4.75 is not vulnerable. -- Donald King, a.k.a. Chronos Tachyon http://chronos.dyndns.org/ -- WWED? Guardian of Eristic Paraphernalia Gatekeeper of the Region of Thud 12:17pm up 59 days, 16:03, 1 user, load average: 0.13, 0.13, 0.09
Current thread:
- IE https certificate attack security (Dec 23)
- Re: IE https certificate attack Dimitris Giannitsaros (Dec 24)
- Re: IE https certificate attack e-matters GmbH - Securityteam (Dec 24)
- Re: IE https certificate attack Geoff Joy (Dec 26)
- Re: IE https certificate attack e-matters GmbH - Securityteam (Dec 24)
- Re: IE https certificate attack Przemyslaw Frasunek (Dec 25)
- Re: IE https certificate attack Diego M. Vadell (Dec 25)
- Re: IE https certificate attack Stephen Cope (Dec 25)
- Re: IE https certificate attack Kevin van Haaren (Dec 25)
- Re: IE https certificate attack Donald King (Dec 26)
- RE: IE https certificate attack The Death (Dec 26)
- <Possible follow-ups>
- FW: IE https certificate attack August September (Dec 26)
- Re: IE https certificate attack Dimitris Giannitsaros (Dec 24)