Bugtraq mailing list archives
Re: IE https certificate attack
From: Stephen Cope <mail-e-23aa7ea58416034f88 () kimihia org nz>
Date: Wed, 26 Dec 2001 10:13:19 +1300
Przemyslaw Frasunek wrote:

: Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
: vulnerable. I've got no warning when entering on this page. I've tested it

Using Konqueror 2.2.1.0-6 (no kdebase-crypto and kdelibs3-crypt) on Debian woody I was warned:

    The IP address of the host suspekt.org does not match the one the certificate was issued to.

After clicking "Continue" I was asked:

    Would you like to accept this certificate forever without being prompted?

"Current Session Only" was the default button for the dialog.

Mozilla 0.9.6 complained that the host and certificate didn't match:

    You have attempted to establish a connection with "suspekt.org". However, the security certificate presented belongs to "ssl.e-matters.de". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.

Galeon 1.0 (which embeds Gecko) had the same response, and then stopped solid as a rock.

Skipstone 0.7.6 (which embeds Gecko) stopped solid like a rock.

w3m 0.2.1-inu-1.5 did not complain.

--
Stephen Cope - http://sdc.org.nz/