SSL Certificate Vulnerabilities
57 views
Skip to first unread message
canony...@gmail.com
Jul 1, 2015, 5:42:44 AM7/1/15
to null-...@googlegroups.com
Hello Folk,
Can you please elaborate about SSL certificates vulnerabilities such as:
1. SSL Certificate cannot be trusted
2. SSL Self signed Certificate
3. SSL Certificate Expiry
What is the impact of these vulnerabilities and what attacker can do with the help of this vulnerabilities.
Your feedback is very important for me. Thanks.
Best Regards,
Anonymous
G0tD4un1k
Jul 1, 2015, 6:48:11 AM7/1/15
to null-...@googlegroups.com
Dear Anonymous,
Are these vulnerabilities coming from a Nessus scan? :)
You may want to start reading on SSL certificates, ssl stripping, MiTM as this will give you better picture of the security flaw with the certs how an attacker can use available attack surface and vectors to expoit the weakness.
Once you are more equipped with information we can discuss further.
Regards
G0tD4un1k
Are these vulnerabilities coming from a Nessus scan? :)
You may want to start reading on SSL certificates, ssl stripping, MiTM as this will give you better picture of the security flaw with the certs how an attacker can use available attack surface and vectors to expoit the weakness.
Once you are more equipped with information we can discuss further.
Regards
G0tD4un1k
skepticfx
Jul 1, 2015, 2:45:47 PM7/1/15
to null-...@googlegroups.com
The three points that you mentioned, seems to involve improper certificate validation. If you want to learn about the actual issues with Certificate validation and have some time, I would recommend reading this RFC: https://tools.ietf.org/html/rfc6125. Usually all these attacks due to improper certificate validation results in impersonating the server (a.ka. an active MITM).
Reply all
Reply to author
Forward
0 new messages