IE Mishandles SSL Certificates

 
Reported June 5 by ACROS Penetration Team

VERSIONS AFFECTED
  • Microsoft Internet Explorer 4.0
  • Microsoft Internet Explorer 4.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01

DESCRIPTION

According to Microsoft's bulletin on the matter, "two vulnerabilities have been identified in the way IE handles digital certificates. When a connection to a secure server is made via either an image or a frame, IE only verifies that the server’s SSL certificate was issued by a trusted root – it does not verify the server name or the expiration date. When a connection is made via any other means, all expected validation is performed.

[The second issue is that] even if the initial validation is made correctly, IE does not re-validate the certificate if a new SSL session is established with the same server during the same IE session.

The circumstances under which these vulnerabilities could be exploited are fairly restricted. In both cases, it is likely that the attacker would need to either carry out DNS cache poisoning or physically replace the server in order to successfully carry out an attack via this vulnerability. The timing would be especially crucial in the second case, as the malicious user would need to poison the cache or replace the machine during the interregnum between the two SSL sessions."
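The two gaps described in the bulletin, set beside the validation a client is expected to perform, as an added example that is not code from Microsoft, ACROS, or Internet Explorer. It is a simplified model: the `Cert` record, the trust store, the host names, the dates and all function and class names are constructed for illustration, and name matching is exact with no wildcard handling.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed server certificate (not real X.509)."""
    name: str             # server name the certificate was issued for
    issuer: str           # root that issued it
    not_before: datetime
    not_after: datetime

TRUSTED_ROOTS = {"Example Root CA"}  # constructed trust store

def root_only(cert, host, now):
    """First issue as described: only the issuing root is checked."""
    return cert.issuer in TRUSTED_ROOTS

def full_validation(cert, host, now):
    """Return the list of failed checks; an empty list means accept."""
    failed = []
    if cert.issuer not in TRUSTED_ROOTS:
        failed.append("untrusted root")
    if cert.name.lower() != host.lower():  # exact match only (assumption)
        failed.append("server name mismatch")
    if not cert.not_before <= now <= cert.not_after:
        failed.append("outside validity period")
    return failed

class ValidateOncePerHost:
    """Second issue as described: later sessions to a host skip validation."""
    def __init__(self):
        self.validated = set()
    def new_session(self, cert, host, now):
        if host in self.validated:
            return True   # certificate presented now is never looked at
        ok = not full_validation(cert, host, now)
        if ok:
            self.validated.add(host)
        return ok

class ValidateEverySession:
    """Expected behaviour: every new SSL session is validated in full."""
    def new_session(self, cert, host, now):
        return not full_validation(cert, host, now)

# Constructed sample data.
NOW = datetime(2024, 6, 1)
GOOD = Cert("shop.example", "Example Root CA", datetime(2024, 1, 1), datetime(2025, 1, 1))
OTHER = Cert("other.example", "Example Root CA", datetime(2024, 1, 1), datetime(2025, 1, 1))
EXPIRED = Cert("shop.example", "Example Root CA", datetime(2022, 1, 1), datetime(2023, 1, 1))
```
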

VENDOR RESPONSE

Microsoft has released a patch for IE 5.01, as well as Support Online article Q254902. According to Microsoft, a patch for IE 4.x that supports IE Service Pack 2 will be released shortly.

CREDITS
Discovered and reported by ACROS Penetration Team
