
Re: Same ol' massive MITM exposure in Netscape 2.01b



Simon Spero wrote:
> 1) The client does not do any verification that the certificate used for
> the transaction is one associated with the server, allowing MITM
> substitutions as long as the server has a properly signed certificate
> 
> 2) The client does not issue warnings for redirections from one https
> page to another https page, even if the url to which it is redirected has
> a different hostname to the url originally dereferenced.

  I'm working on these right now.  A future beta will have fixes for
this.

> 3) In the case of redirection, the document info screen does not provide
> information about the originally referenced page, just the final page.
> This allows the MITM to intercept the first request, steal the request
> data, then issue a redirect to hide the certificate used in the intercept.

  If the previous two are fixed, it doesn't seem that this is really
important.

> 4) In the beta version, the document info page does not display the
> security info (I did check with MITM disabled).

  Did you have the disk cache turned off?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
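As an added illustration of the two client-side checks discussed in points 1 and 2 above (not Netscape code, and not part of the original thread): a browser must confirm that the presented certificate actually names the host the user requested, and it should surface an HTTPS-to-HTTPS redirect that lands on a different host. The certificate dicts below are constructed and follow the shape Python's `ssl.SSLSocket.getpeercert()` returns; the name matching follows the RFC 6125 rules that modern TLS stacks apply (`ssl.create_default_context()` enables this via `check_hostname`), with a wildcard accepted only as the whole left-most label.

```python
"""Client-side hostname and redirect checks, written as a standalone example.
Certificates here are constructed dicts, not real peer certificates."""
import ipaddress
from urllib.parse import urlparse


def _match_dns_name(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, '*' only as the whole
    left-most label, never matching across a dot, and never for a name
    with fewer than three labels (so '*.example' cannot match 'shop.example')."""
    pattern = pattern.lower().rstrip('.')
    host = host.lower().rstrip('.')
    if pattern == host:
        return True
    if '*' not in pattern:
        return False
    p_labels, h_labels = pattern.split('.'), host.split('.')
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    if p_labels[0] != '*':
        return False  # partial wildcards such as 'sh*.example' are not accepted
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, host: str) -> bool:
    """True when the certificate is issued for `host`.  `cert` mimics the dict
    returned by ssl.SSLSocket.getpeercert(): 'subject' is a tuple of RDNs,
    'subjectAltName' a tuple of (type, value) pairs.  DNS SANs take precedence;
    the subject commonName is consulted only when no DNS SAN is present."""
    host = host.rstrip('.')
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    sans = cert.get('subjectAltName', ())
    dns_names = [v for k, v in sans if k == 'DNS']
    ip_names = [v for k, v in sans if k == 'IP Address']
    if ip is not None:
        # A literal IP in the URL must match an IP Address SAN exactly.
        return any(ipaddress.ip_address(v) == ip for v in ip_names)
    if dns_names:
        return any(_match_dns_name(n, host) for n in dns_names)
    for rdn in cert.get('subject', ()):
        for key, value in rdn:
            if key == 'commonName':
                return _match_dns_name(value, host)
    return False


def redirect_needs_warning(from_url: str, to_url: str) -> bool:
    """True when a page fetched over HTTPS is redirected either off HTTPS or
    to an HTTPS URL on a different host; the user should be told either way."""
    a, b = urlparse(from_url), urlparse(to_url)
    if a.scheme != 'https':
        return False
    if b.scheme != 'https':
        return True
    return (a.hostname or '').lower() != (b.hostname or '').lower()


def check_hop(cert: dict, requested_url: str, redirect_to: str = None) -> str:
    """Decision for one request: reject a certificate that is not for the
    requested host, warn on a cross-host secure redirect, otherwise accept."""
    host = urlparse(requested_url).hostname or ''
    if not cert_matches_host(cert, host):
        return 'reject: certificate not issued for ' + host
    if redirect_to and redirect_needs_warning(requested_url, redirect_to):
        return 'warn: secure redirect changes host'
    return 'ok'


# Constructed sample certificates (hypothetical hosts, not real sites).
SHOP_CERT = {'subject': ((('commonName', 'shop.example'),),),
             'subjectAltName': (('DNS', 'shop.example'), ('DNS', '*.shop.example'))}
OTHER_CERT = {'subject': ((('commonName', 'other.example'),),),
              'subjectAltName': (('DNS', 'other.example'),)}

if __name__ == '__main__':
    print(check_hop(SHOP_CERT, 'https://shop.example/login'))
    print(check_hop(OTHER_CERT, 'https://shop.example/login'))
    print(check_hop(SHOP_CERT, 'https://shop.example/login',
                    redirect_to='https://other.example/login'))
```

The second call is the point-1 case: a validly signed certificate for some other host is rejected rather than accepted. The third is the point-2 case: the certificate is fine, but the redirect to a different host is reported instead of being followed silently.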