Bugtraq mailing list archives

AW: IE https certificate attack

From: K.J.Mueller () EnBW com
Date: Thu, 3 Jan 2002 15:04:17 +0100

Hi,

could it be, that the text-browsers (lynx, links, w3m) don't even
bother comparing the actual server name to the certificate's 
"issued for" entry?

I just tested these and none complained:

- lynx 2.8.5dev.2 (with OpenSSL 0.9.6a)
- links 0.96
- w3m 0.1.11-pre
(all on Mandrake Linux 8.1)

Neither did any of them complain when accessing a https web page
with a self-made certificate.


Regards, K.

Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also 
vulnerable. I've got no warning when entering on this page. I've tested it

also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with

the

same result. 

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** 
NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw () frasunek com ** PGP: 
D48684904685DF43EA93AFA13BE170BF *

Current thread:

AW: IE https certificate attack K . J . Mueller (Jan 05)
- Re: AW: IE https certificate attack Florian Weimer (Jan 07)
- Re: IE https certificate attack Helmut Springer (Jan 07)
  - Re: IE https certificate attack Jim Knoble (Jan 08)
- Re: AW: IE https certificate attack Ben Laurie (Jan 07)
- Re: AW: IE https certificate attack George Staikos (Jan 07)