SSL defeated in IE and Konqueror

Source: Security Focus

A colossal stuff-up in Microsoft's and KDE's implementation of SSL (Secure Sockets Layer) certificate handling makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse hapless Konqueror and Internet Explorer users with impunity.

In more detail, we have a certificate chain issue discovered by Mike Benham of thoughtcrime.org. A chain is formed when an intermediate certificate is trusted between server and client. Supposedly, the intermediate is accepted only if it's signed by the certificate authority as safe for the purpose. If it's merely signed by another certificate's key, it ought not to be trusted, or at least the user should be warned. Unfortunately, due to a preposterous security engineering oversight, IE and Konqueror don't bother to check this, so if a tricky site owner signs an intermediate cert with another valid cert, users will be none the wiser.

The browser, Benham says, "should verify that the CN [Common Name] field of the leaf certificate matches the domain it just connected to, that it's signed by the intermediate CA [Certificate Authority], and that the intermediate CA is signed by a known CA certificate. Finally, the Web browser should check that all intermediate certificates have valid CA basic constraints."