[H-GEN] SSL Vulnerability in Konqueror and Internet Explorer
Robert Brockway
robert at timetraveller.org
Thu Aug 15 03:48:17 EDT 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Hi all. Watch this one. SSL in konqueror (and IE) reportedly has a
serious logic flaw which allows for one ssl enabled site to masquerade as
another. The Bugtraq people already know of an exploit so the Hackerz
will know soon enough. Watch those credit card details.
Rob
---------- Forwarded message ----------
Date: Sun, 11 Aug 2002 22:41:11 -0700
From: Thomas C. Greene <tcgreene at bellatlantic.net>
To: bugtraq at securityfocus.com
Subject: Re: IE SSL Vulnerability (Konqueror affected too)
http://theregister.co.uk/content/4/26620.html
[....]
I've not tested this on IE because several researchers posting to Benham's
BugTraq thread
(http://online.securityfocus.com/archive/1/286895/2002-08-08/2002-08-14/1)
have confirmed the behavior. But I did test it on Mozilla 0.9.4, which Benham
says isn't vulnerable, and Konqueror 3.0 (KDE 3.0.2 on SuSE 8.0), which he
doesn't mention.
Konqueror turned out quite vulnerable. Mozilla was not vulnerable, but I'm not
sure if that's because it handled the situation properly, or is, ironically,
somehow too buggy to be exploited.
I made a simple HTML file with links to the amazon URL. After associating
Benham's test-page IP with www.amazon.com in my hosts file I found that in
Konqueror, following a link to https://www.amazon.com brought me immediately
to the 'you've been hacked' page, indicating total failure. The behavior was
the same when I typed the URL into the address bar.
With Mozilla the URL, https://www.amazon.com simply went nowhere. No cert
warning, no 404, nothing. The browser simply remained on the page from which
I started. The behavior was the same when I typed the URL into the address
bar.
[....]
--tcg
http://theregister.co.uk
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list