[23623] in bugtraq
Re: IE https certificate attack
daemon@ATHENA.MIT.EDU (Donald King)
Wed Dec 26 19:31:47 2001
From: Donald King <donald_king@mail.com>
To: bugtraq@securityfocus.com
Date: Wed, 26 Dec 2001 12:32:15 -0600
In-Reply-To: <20011222153704.A8049@e-matters.de>
Message-Id: <01122612321501.23923@chronos>
On Sat 22 Dec 2001 08:37, security@e-matters.de wrote:
[Snip]
> A flaw in Microsoft Internet Explorer allows an attacker to perform
> a SSL Man-In-The-Middle attack without the majority of users
> recognising it. In fact the only way to detect the attack is to manually
> compare the server name with the name stored in the certificate.
>
[Snip]
I have confirmed the following on my own system:
* Konqueror 2.1 is VULNERABLE;
* Mozilla 0.9.6 is not vulnerable;
* Netscape 4.75 is not vulnerable.
--
Donald King, a.k.a. Chronos Tachyon
http://chronos.dyndns.org/ -- WWED?
Guardian of Eristic Paraphernalia
Gatekeeper of the Region of Thud
12:17pm up 59 days, 16:03, 1 user, load average: 0.13, 0.13, 0.09