Vigil@nce - Windows Server: filtering bypass with revoked certificate in the IP-HTTPS component
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who haves a certificate for a domain managed by
Windows Server, can bypass the authentication managed by the
IP-HTTPS component.
Impacted products: Windows 2008, Microsoft Windows 2012
Severity: 2/4
Creation date: 12/12/2012
DESCRIPTION OF THE VULNERABILITY
An attacker who haves a certificate for a domain managed by
Windows Server, can bypass the authentication managed by the
IP-HTTPS component.
Technicals details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN