TUCoPS :: Browsers :: expl5248.htm

Internet Explorer abusive SSL certificate trusting
9th Apr 2002 [SBWID-5248]

	Internet Explorer abusive SSL certificate trusting


	All current versions


	0x90 [http://www.invisiblenet.net] found following, regarding SSL  issue
	in Internet explorer :

	The reason for the ssl issue in Microsoft\'s IE browser is because  when
	requestsing an

	<img src=\"https://website.com/doesnotexist.gif\" width=1 height=1>


	before going to the page, it has chosen to  not  question  the  cert  at
	that point either, because of the embedded object in  the  source  code.
	Even if the embedded object does not exist, it  will  still  trust  from
	that point on. This is a small and stupid bug on IE\'s part, and  is  an
	easy fix, the question of why it isn\'t is really a microsoft issue.

	This can easily be exploitable by the Man in  the  Middle/replay  attack
	as Eve can request the img src in midstream upon  Alice\'s  request  for
	cert, then send a signed but not valid to  the  host\'s  cert,  allowing
	Eve to handle the trusting before Alice is even notified.

	A proof of concept for your browser checking is here




	until fixed, I advise everyone to check all certs if using IE, and  even
	if not, don\'t click yes on impulse. This is not a  likely  attack  from
	kiddiez or hackers, but the powers above us can easily exploit this,  or
	the nearest network administrator on your corporate network :)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH