more details on Safari SSL bug
Apple’s Safari web browser does not validate the Common Name (CN) field on X.509 certificates that are downloaded to the client at the start of SSL/TLS sessions.
Here are more details from Simson L. Garfinkel’s original post:
Problem: Multiple Web Browsers do not validate CN on certificates.
Affected Versions:
Safari 1.0 Beta (v60)
Safari 1.0 Beta 2 (v73)
Konqueror Embedded (unknown version; common browser on Open Zaurus)
[NOTE: Konqueror 3.0.5 does not exhibit the problem.]
Both versions of Safari were tested on MacOS 10.2.5 and 10.2.6.
While doing work for an article on PKI, Jesse Burns and I discovered
that Apple’s Safari web browser does not validate the Common Name (CN)
field on X.509 certificates that are downloaded to the client at the
start of SSL/TLS sessions. This bug is particularly annoying because
there is no way that we can find inside Safari to view the contents of
a certificate; double-clicking on the “lock” icon does nothing.
We are divided on whether or not this is a serious bug: Jesse feels
that it is sufficient reason that people should stop using
Safari until it is fixed. Simson feels that PKI has been deployed so poorly and is so
meaningless that it really doesn’t matter if Safari validates
certificates or not.
Test vectors:
1. https://www.sandstorm.net/
2. https://bugreporter.apple.com/
Regarding Test Vector #1:
Sandstorm’s home page is web-hosted at Vineyard.NET, a small ISP on
Martha’s Vineyard. Because Vineyard.NET multi-homes its clients, the
IP address 204.17.195.91 is shared by both www.sandstorm.net and
Vineyard.NET’s administrative server, www.vineyard.net. However,
because Vineyard.NET has enabled SSL only for its own internal use and
not for its customers, 204.17.195.91:443 points to www.vineyard.net,
and the certificate at 204.17.195.91:443 is Vineyard.NET’s.
Regarding Test Vector #2:
A “GET /” at https://bugreporter.apple.com/ retrieves a JavaScript
document that executes the following:
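Added example, separate from the post quoted above and not the JavaScript it refers to: a sketch of the hostname check the advisory reports as missing, applied to the situation in test vector #1. It is not Safari's or Konqueror's code; the function names and certificate dictionaries are constructed, and the dictionaries follow the layout of Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added illustration. Function names and sample certificates are constructed;
# the dicts use the layout returned by ssl.SSLSocket.getpeercert().

def name_matches(pattern, host):
    """Compare one name presented in a certificate with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    # A wildcard counts only as the whole leftmost label, with at least two
    # labels after it, so "*.net" or "w*.vineyard.net" never match.
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_matches_host(cert, host):
    """True only if the certificate was issued for the host the user asked for."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Fall back to the subject CN, the field the advisory is about.
        # Assumption: legacy behaviour; current browsers rely on subjectAltName.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(name_matches(n, host) for n in names)

# Constructed stand-in for test vector #1: the certificate served on
# 204.17.195.91:443 names www.vineyard.net, whatever host was requested.
VINEYARD_CERT = {"subject": ((("organizationName", "Vineyard.NET"),),
                             (("commonName", "www.vineyard.net"),))}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.test"),)}

def decide(requested_host, cert):
    """Connection decision a client should reach before showing the lock icon."""
    return "accept" if cert_matches_host(cert, requested_host) else "reject"

if __name__ == "__main__":
    for host in ("www.vineyard.net", "www.sandstorm.net"):
        print(host, "->", decide(host, VINEYARD_CERT))
```

A client that skips this comparison treats a valid certificate for any site as valid for every site sharing that address.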