Full Disclosure mailing list archives

Windows IPSec Vulnerabilty - still exist

From: "offtopic" <offtopic () mail ru>
Date: Thu, 23 Jun 2005 09:26:01 +0400

Hi list.
I found what mitm vulnerability in Microsoft's IPSec 
(http://lists.seifried.org/pipermail/security/2004-May/003394.html) still exists.
IPSec client don't verify subject field in certificate and accept certificates with OID 1.3.6.1.5.5.7.3.2 (TLS Web 
client authentication). 
Certificates with OID 1.3.6.1.5.5.7.3.2 (User Template) can be issued to any AD user by Enterprise CA by default.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Windows IPSec Vulnerabilty - still exist offtopic (Jun 22)
- <Possible follow-ups>
- Re: Windows IPSec Vulnerabilty - still exist offtopic (Jun 23)
  - Re: Windows IPSec Vulnerabilty - still exist James Longstreet (Jun 23)
- Re: Windows IPSec Vulnerabilty - still exist offtopic (Jun 23)