CVE-2002-1824

2002-12-31T05:00:00
ID CVE-2002-1824
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:31:00

Description

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.