Back to search
CVE-2002-1824
Published: Jun 28, 2005
Modified: Sep 17, 2024
PUBLISHED
Description
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ie-ssl-certificate-expired(10180)
vdb-entry
x_refsource_XF
20020923 IE6 SSL Certificate Chain Verification
mailing-list
x_refsource_BUGTRAQ
5778
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now