MS02-050: certificate validation flaw could enable identity spoofing. (Microsoft).(Brief Article)
Information Systems Auditor, October, 2002
Issue
The IETF Profile of the X.509 certificate standard defines several optional fields that can be included in a digital certificate. One of these is the Basic Constraints field, which indicates the maximum allowable length of the certificate's chain and whether the certificate is a Certificate Authority or an end-entity certificate. However, the application program interfaces (APIs) within CryptoAPI that construct and validate certificate chains --CertGetCertificateChain(), CertVerifyCertificateChainPolicy() and WinVerifyTrust()--do not check the Basic Constraints field. The same flaw, unrelated to CryptoAPI, is also present in several Microsoft products for Macintosh.
The vulnerability could enable attackers who had a valid end-entity certificate...
Most Recent Business Articles
- Your feedback
- Why fly solo when an executive assistant can accelerate your CLNC® business?
- The CLNC® mentors held the key to my first case and to my CLNC® success
- Atlanta CLNC® 6-day certification seminar photo gallery—plus sign up today for spring 2009 to save $100.00
- Announcing the 2009 NACLNC® conference keynote speaker, Stedman Graham: move like a maverick for breakaway CLNC® success at the 2009 NACLNC® conference
Most Recent Business Publications
Most Popular Business Articles
- Using object-oriented analysis and design over traditional structured analysis and design
- Big Fish Games Migrates Upstream to Fisher Plaza; High Growth Online Gaming Firm Vaults Fisher Plaza Occupancy Rate Above 90%
- Top of the line: some of the world's most well-respected doctors practice in South Florida. A guide to choosing the best physician specialists - Top Doctors in South Florida
- Sand filter basics: high-rate sand filters can be confusing for those new to the business. Understanding valve modes is the key
- BEHR Paints Introduces a Colorful New Way to Paint and Prime All in One with BEHR Premium Plus Ultra™ Interior
Sponsored by Merrill Lynch