
[Full-disclosure] Windows IPSec Vulnerability - still exists



Hi list.
I found that the MITM vulnerability in Microsoft's IPSec 
(http://lists.seifried.org/pipermail/security/2004-May/003394.html) still 
exists.
The IPSec client doesn't verify the subject field in the certificate and accepts 
certificates with OID 1.3.6.1.5.5.7.3.2 (TLS Web client authentication). 
Certificates with OID 1.3.6.1.5.5.7.3.2 (User Template) can be issued to any AD 
user by the Enterprise CA by default. 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
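
An added illustration, not part of the original post and not Microsoft's code: the Go sketch below shows the two checks the post says are missing, pinning the peer's subject and requiring a specific EKU instead of accepting any certificate with client authentication (1.3.6.1.5.5.7.3.2). The names `makeCert` and `checkPeer`, the host name `vpn-gw.example.test`, matching on the common name, and server authentication as the required gateway EKU are assumptions; the certificates are constructed and self-signed, and chain validation is out of scope.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert builds a constructed, self-signed sample standing in for a CA-issued certificate.
func makeCert(cn string, eku x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkPeer (hypothetical policy) accepts only the pinned subject carrying the required EKU.
func checkPeer(c *x509.Certificate, wantCN string, wantEKU x509.ExtKeyUsage) bool {
	ok := false
	for _, u := range c.ExtKeyUsage {
		ok = ok || u == wantEKU
	}
	return ok && c.Subject.CommonName == wantCN
}

func main() {
	user, err := makeCert("alice", x509.ExtKeyUsageClientAuth) // constructed AD user certificate
	if err != nil {
		panic(err)
	}
	fmt.Println(checkPeer(user, "vpn-gw.example.test", x509.ExtKeyUsageServerAuth)) // false
}
```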