[Full-disclosure] Windows IPSec Vulnerabilty - still exist
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Windows IPSec Vulnerabilty - still exist
- From: "offtopic" <offtopic@xxxxxxx>
- Date: Thu, 23 Jun 2005 09:26:01 +0400
Hi list.
I found that the MITM vulnerability in Microsoft's IPSec
(http://lists.seifried.org/pipermail/security/2004-May/003394.html) still
exists.
The IPSec client doesn't verify the subject field in the certificate and accepts
certificates with OID 1.3.6.1.5.5.7.3.2 (TLS Web client authentication).
Certificates with OID 1.3.6.1.5.5.7.3.2 (User Template) can be issued to any AD
user by an Enterprise CA by default.
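An added example, not part of the original post and not Microsoft's code: a Python sketch of the two peer-certificate checks the post reports as missing, an identity match against the expected peer and an extended key usage test that does not treat 1.3.6.1.5.5.7.3.2 as sufficient. The PeerCert record, the host names, the IPsec EKU allow-list and the sample certificates are assumptions constructed for illustration; chain validation is assumed to have happened already.

```python
from dataclasses import dataclass, field

CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # OID named in the post (TLS Web client authentication)
# Assumption: policy accepts only IPsec-specific EKUs (these OIDs are not from the post).
IPSEC_EKUS = {
    "1.3.6.1.5.5.7.3.5",   # id-kp-ipsecEndSystem
    "1.3.6.1.5.5.7.3.17",  # id-kp-ipsecIKE
    "1.3.6.1.5.5.8.2.2",   # IKE intermediate
}

@dataclass
class PeerCert:
    """Fields taken from a peer certificate whose chain already validated (hypothetical record)."""
    subject_cn: str
    san_dns: list = field(default_factory=list)
    eku: set = field(default_factory=set)

def check_peer(cert, expected_peer):
    """Return the list of policy failures; an empty list means the peer is accepted."""
    failures = []
    # Prefer subjectAltName DNS entries; fall back to the subject CN when there are none.
    names = {n.lower() for n in cert.san_dns} or {cert.subject_cn.lower()}
    if expected_peer.lower() not in names:
        failures.append(f"identity mismatch: wanted {expected_peer}, cert names {sorted(names)}")
    if not cert.eku & IPSEC_EKUS:
        kind = "clientAuth present" if CLIENT_AUTH in cert.eku else "none relevant"
        failures.append(f"no IPsec EKU ({kind})")
    return failures

# Constructed sample data, not taken from the post.
EXPECTED = "vpn-gw.corp.example"
GATEWAY = PeerCert("vpn-gw.corp.example", ["vpn-gw.corp.example"], {"1.3.6.1.5.5.8.2.2"})
# Shaped like a User-template certificate: issued to a person, client-auth style EKUs.
USER = PeerCert("jdoe", [], {CLIENT_AUTH, "1.3.6.1.5.5.7.3.4", "1.3.6.1.4.1.311.10.3.4"})
# Right name but only the client-auth EKU: still rejected on key usage.
WRONG_EKU = PeerCert("vpn-gw.corp.example", ["vpn-gw.corp.example"], {CLIENT_AUTH})

if __name__ == "__main__":
    for label, cert in (("gateway", GATEWAY), ("user", USER), ("wrong-eku", WRONG_EKU)):
        problems = check_peer(cert, EXPECTED)
        print(label, "ACCEPT" if not problems else "REJECT: " + "; ".join(problems))
```

A client that stops at chain validation would accept all three sample certificates; with both checks only the gateway certificate passes.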