The Register: SSL Defeated in IE and Konqueror
Aug 12, 2002, 21:45 (5 Talkback[s])
(Other stories by Thomas C Greene)
"A colossal stuff-up in Microsoft's and KDE's implementation of
SSL (Secure Sockets Layer) certificate handling makes it possible
for anyone with a valid VeriSign SSL site certificate to forge any
other VeriSign SSL site certificate, and abuse hapless Konqueror
and Internet Explorer users with impunity.
"In more detail, we have a certificate chain issue discovered by
Mike Benham of thoughtcrime.org. A chain is formed when an
intermediate certificate is trusted between server and client.
Supposedly, the intermediate is accepted only if it's signed by the
certificate authority as safe for the purpose. If it's merely
signed by another certificate's key, it ought not to be trusted, or
at least the user should be warned. Unfortunately, due to a
preposterous security engineering oversight, IE and Konqueror don't
bother to check this, so if a tricky site owner signs an
intermediate cert with another valid cert, users will be none the
"The browser, Benham says, 'should verify that the CN [Common
Name] field of the leaf certificate matches the domain it just
connected to, that it's signed by the intermediate CA [Certificate
Authority], and that the intermediate CA is signed by a known CA
certificate. Finally, the Web browser should check that all
intermediate certificates have valid CA basic constraints...'"