[Full-disclosure] [Advisory] Phishing Vulnerability in Verisign Network
Tonu Samuel
tonu at jes.ee
Sun Jul 15 13:22:04 BST 2007
On Sat, 2007-07-14 at 08:03 -0700, Aditya K Sood wrote:
> Advisory : Phishing Vulnerability in Verisign Network
> Dated : 5 July 2007
> Severity : Critical
Sorry but Verisign plainly sucks. I found some problems in their system
when tried to get vertificates for web server. After I reported issue to
them I get continuous spam from them trying to sell their services to
me.
To reproduce those problems with their site you can issue certificate
request with empy Common Name (CN) for example. It crashes Verisign
scripts.
Tõnu
Full-Disclosure is hosted and sponsored by Secunia.