Bugtraq mailing list archives
Re: **maillist:: Outlook S/MIME Vulnerability
From: Thomas Seliger <SQEHXLLBQUJX () spammotel com>
Date: Tue, 03 Sep 2002 16:06:39 +0200
Since the failure of checking certificate chain correctly seems to be buried deeper in windows (maybe in some DLL? some info from microsoft would be greatly appreciated, but their security offensive seems to be hot air anyway), i could imagine more possibilities to exploit it:
* certificates of components:anyone tried to spoof the certificates of components (like plugins) that are installed if you click on them?
* certificates used for IPSec authentication:windows 2000 includes a IPSec implementation, authentication can be done by certificates. If i remember correctly, you can define a CA that is signing your IPSec partners, so that you can trust the IPSec connection partner. Can you spoof that also?
cu Thomas Seliger
Current thread:
- Outlook S/MIME Vulnerability Mike Benham (Sep 02)
- Re: Outlook S/MIME Vulnerability Spyder (Sep 03)
- Re: **maillist:: Outlook S/MIME Vulnerability Thomas Seliger (Sep 03)
- Re: **maillist:: Outlook S/MIME Vulnerability Timothy J . Miller (Sep 04)
- Re: **maillist:: Outlook S/MIME Vulnerability Torbjörn Hovmark (Sep 04)