[23716] in bugtraq
AW: IE https certificate attack
daemon@ATHENA.MIT.EDU (K.J.Mueller@EnBW.com)
Sat Jan 5 21:43:50 2002
Message-ID: <5FA09C38463BEE4B855CCA87732E639C5BB003@s23072.dns1.enbw>
From: K.J.Mueller@EnBW.com
To: venglin@freebsd.lublin.pl, security@e-matters.de,
bugtraq@securityfocus.com
Date: Thu, 3 Jan 2002 15:04:17 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-2"
Hi,
could it be, that the text-browsers (lynx, links, w3m) don't even
bother comparing the actual server name to the certificate's
"issued for" entry?
I just tested these and none complained:
- lynx 2.8.5dev.2 (with OpenSSL 0.9.6a)
- links 0.96
- w3m 0.1.11-pre
(all on Mandrake Linux 8.1)
Neither did any of them complain when accessing a https web page
with a self-made certificate.
Regards, K.
> Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also
> vulnerable. I've got no warning when entering on this page. I've tested it
> also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with
the
> same result.
>
> --
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ **
> NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP:
> D48684904685DF43EA93AFA13BE170BF *
