Opera Fails to Check Revoked Intermediate Certificates
|
|
SecurityTracker Alert ID: 1022799 |
|
SecurityTracker URL: http://securitytracker.com/id/1022799
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 1 2009
|
Impact:
Modification of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 10.00
|
Description:
A vulnerability was reported in Opera. The browser fails to check for revoked intermediate certificates.
For certificates not served by the destination web site, Opera does not check the revocation status for intermediate certificates. If the intermediate certificate has been revoked, the browser may incorrectly display the connection as secure.
|
Impact:
The browser may fail to detect revoked intermediate certificates.
|
Solution:
The vendor has issued a fix (10.00).
The vendor's advisory is available at:
http://www.opera.com/support/kb/view/929/
|
Vendor URL: www.opera.com/support/kb/view/929/ (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
Linux (Any), UNIX (FreeBSD), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 1 Sep 2009 13:58:54 -0400
Subject: Opera
|
http://www.opera.com/support/kb/view/929/
Advisory: Sites using revoked intermediate certificates might be shown as secure
|
|
