Major IE SSL Vulnerability?

From: Emlyn O'regan (oregan.emlyn@healthsolve.com.au)
Date: Wed Aug 14 2002 - 19:34:24 MDT


This has come up today, and is of some concern to me professionally. I was
wondering whether anyone else here knows anything about it? Harvey? I'm not
sure if it's real, or a big hoax.

Apparently, using SSL via IE (versions 4 through 6, I think, but especially
4 through 5.5), you are vulnerable to a relatively simple man-in-the-middle
attack. Here's the bugtraq thread:

http://online.securityfocus.com/archive/1/286895/2002-08-08/2002-08-14/1

Emlyn

***************************************************************************
Confidentiality: The contents of this email are confidential and are
intended only for the named recipient. If the reader of this e-mail is not
the intended recipient you are hereby notified that any use, reproduction,
disclosure or distribution of the information contained in the e-mail is
prohibited. If you have received this e-mail in error, please reply to us
immediately and delete the document.
Viruses: Any loss/damage incurred by using this material is not the sender's
responsibility. Our entire liability will be limited to resupplying the
material. No warranty is made that this material is free from computer virus
or other defect.



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:07 MST