[Am-info] Win - IE improper SSL server name checking
Fred A. Miller
fm@cupserv.org
Fri, 28 Dec 2001 11:20:06 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Win - IE improper SSL server name checking
An advisory indicates a potential problem in Internet Explorer and
how it verifies/caches invalid SSL certificates. It may be possible
to trick IE into caching an invalid certificate and then to use
that certificate without the user knowing. This could result in the
man-in-the-middle attack.
This vulnerability has not been confirmed.
Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0077.html
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8LJu3IhTtc6nTZIIRAqEwAJ9Y6fUQEHKffBe6grpGpwU7JArrMACfVWaq
4zg9xpQL2wot0RW+4dclrQg=
=95Za
-----END PGP SIGNATURE-----