Flaw: Microsoft Certificate validation
- 06 September, 2002 14:09
Microsoft has advised a flaw in the way some of its applications handle the "Basic Constraints" field in a X.509 certificate could be exploited to spoof the identity of a user. The identity theft could be used to send digitally signed e-mail messages with the stolen certificate.
The flaw affects Windows 98 and up, NT, and XP.
For more, see the security release.