Full Disclosure mailing list archives
Windows IPSec Vulnerabilty - still exist
From: "offtopic" <offtopic () mail ru>
Date: Thu, 23 Jun 2005 09:26:01 +0400
Hi list. I found what mitm vulnerability in Microsoft's IPSec (http://lists.seifried.org/pipermail/security/2004-May/003394.html) still exists. IPSec client don't verify subject field in certificate and accept certificates with OID 1.3.6.1.5.5.7.3.2 (TLS Web client authentication). Certificates with OID 1.3.6.1.5.5.7.3.2 (User Template) can be issued to any AD user by Enterprise CA by default.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Windows IPSec Vulnerabilty - still exist offtopic (Jun 22)
- <Possible follow-ups>
- Re: Windows IPSec Vulnerabilty - still exist offtopic (Jun 23)
- Re: Windows IPSec Vulnerabilty - still exist James Longstreet (Jun 23)
- Re: Windows IPSec Vulnerabilty - still exist offtopic (Jun 23)