[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: IE https certificate attack
From:       Geoff Joy <geoff () windowmeister ! com>
Date:       2001-12-27 2:00:09
[Download RAW message or body]

Internet Explorer 6.0.2600.0000 with the latest Critical Updates
including Q306121; Q312461; Q313675 is VULNERABLE.

Tested in Windows 2000 Professional 5.0.2195 SP2:
                Patch Found     MS00-077        Q299796
                Patch Found     MS00-079        Q276471
                Patch Found     MS01-007        Q285851
                Patch Found     MS01-013        Q285156
                NOTE            MS01-022        Q296441
                Patch Found     MS01-025        Q296185
                Patch Found     MS01-031        Q299553
                Patch Found     MS01-037        Q302755
                Patch Found     MS01-041        Q298012
                Patch Found     MS01-043        Q303984
                Patch Found     MS01-046        Q252795



Manually checking the certificate reveals that the domain issued to
the certificate does not match the domain of the web site.


[prev in list] [next in list] [prev in thread] [next in thread]