Bugtraq mailing list archives
Re: AW: IE https certificate attack
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: 06 Jan 2002 09:04:23 +0100
K.J.Mueller () EnBW com writes:
could it be, that the text-browsers (lynx, links, w3m) don't even bother comparing the actual server name to the certificate's "issued for" entry?
Some of them don't even have a repository of Root CAs, I think.
Neither did any of them complain when accessing a https web page with a self-made certificate.
So they can't check the validity of the certificate at all. -- Florian Weimer Weimer () CERT Uni-Stuttgart DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- AW: IE https certificate attack K . J . Mueller (Jan 05)
- Re: AW: IE https certificate attack Florian Weimer (Jan 07)
- Re: IE https certificate attack Helmut Springer (Jan 07)
- Re: IE https certificate attack Jim Knoble (Jan 08)
- Re: AW: IE https certificate attack Ben Laurie (Jan 07)
- Re: AW: IE https certificate attack George Staikos (Jan 07)