[23616] in bugtraq
Re: IE https certificate attack
daemon@ATHENA.MIT.EDU (Diego M. Vadell)
Tue Dec 25 22:25:04 2001
Date: Tue, 25 Dec 2001 16:12:25 -0300
From: "Diego M. Vadell" <dvadell@uyr.com.ar>
To: bugtraq@securityfocus.com
Message-Id: <20011225161225.6749a93a.dvadell@uyr.com.ar>
In-Reply-To: <200112251514.fBPFEdg15186@mailhost.freebsd.lublin.pl>

Hi,

Just FYI, I did get a warning as soon as I entered http://suspekt.org/ with Konqueror from KDE3beta1.

"The Ip address of the host supekt.org does not match the one the certificate was issued to."

Diego.

On Tue, 25 Dec 2001 16:14:39 +0100
"Przemyslaw Frasunek" <venglin@freebsd.lublin.pl> wrote:
> On Saturday 22 December 2001 15:37, security@e-matters.de wrote:
> > A proof of concept webpage was put up at http://suspekt.org. Clicking
> > onto the "To the secure page..." link will send your browser to
> > https://suspekt.org without IE warning you that the certificate was not
> > issued onto that server.
>
> Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
> vulnerable. I've got no warning when entering on this page. I've tested it
> also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with the
> same result.
>
> --
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *