“Our team has discovered a flaw in Netscape Navigator that
allows bypassing of warning about an invalid SSL certificate. SSL
protection is used in most major Internet-based financial services
(e-banking, e-commerce). The flaw we have found effectively
disables one of the two basic SSL functionalities: to assure users
that they are really communicating with the intended web server –
and not with a fake one. Using this flaw, the attacker can make
users send secret information (like credit card data and passwords)
to his web server rather than the real one – EVEN IF THE
COMMUNICATION IS PROTECTED BY SSL PROTOCOL.”
“Netscape Navigator correctly checks the certificate
conditions (*) at the beginning of a SSL session it establishes
with a certain web server. The flaw is, while this SSL session is
still alive, all HTTPS connections to *THAT SERVER’S IP ADDRESS*
are assumed to be a part of this session (and therefore certificate
conditions are not checked again). Instead of comparing
hostnames to those of currently open sessions, Navigator compares
IP addresses. Since more than one hostname can have the same IP
address, there is a great potential for security breach. This
behavior is not in compliance with SSL specification.”