Full Disclosure mailing list archives

Re: [Advisory] Phishing Vulnerability in Verisign Network

From: Tonu Samuel <tonu () jes ee>
Date: Sun, 15 Jul 2007 15:22:04 +0300

On Sat, 2007-07-14 at 08:03 -0700, Aditya K Sood wrote:

Advisory : Phishing Vulnerability in Verisign Network
Dated :  5 July 2007
Severity : Critical


Sorry but Verisign plainly sucks. I found some problems in their system
when tried to get vertificates for web server. After I reported issue to
them I get continuous spam from them trying to sell their services to
me.

To reproduce those problems with their site you can issue certificate
request with empy Common Name (CN) for example. It crashes Verisign
scripts. 

   Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[Advisory] Phishing Vulnerability in Verisign Network Aditya K Sood (Jul 12)
- Re: [Advisory] Phishing Vulnerability in Verisign Network Tonu Samuel (Jul 15)
- <Possible follow-ups>
- [Advisory] Phishing Vulnerability in Verisign Network Aditya K Sood (Jul 13)