[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [Advisory] Phishing Vulnerability in Verisign Network

To: Aditya K Sood <zeroknock@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] [Advisory] Phishing Vulnerability in Verisign Network
From: Tonu Samuel <tonu@xxxxxx>
Date: Sun, 15 Jul 2007 15:22:04 +0300

On Sat, 2007-07-14 at 08:03 -0700, Aditya K Sood wrote:
> Advisory : Phishing Vulnerability in Verisign Network
> Dated :  5 July 2007
> Severity : Critical

Sorry but Verisign plainly sucks. I found some problems in their system
when tried to get vertificates for web server. After I reported issue to
them I get continuous spam from them trying to sell their services to
me.

To reproduce those problems with their site you can issue certificate
request with empy Common Name (CN) for example. It crashes Verisign
scripts. 

   Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] [Advisory] Phishing Vulnerability in Verisign Network
  - From: Aditya K Sood

Prev by Date: [Full-disclosure] projections - another Web2.0/Security projection
Next by Date: [Full-disclosure] a cryptographic secret story
Previous by thread: [Full-disclosure] [Advisory] Phishing Vulnerability in Verisign Network
Next by thread: [Full-disclosure] [Advisory] Phishing Vulnerability in Verisign Network
Index(es):
- Date
- Thread