SSL wildcard certificate matching IP addresses

ID MFSA2010-70
Type mozilla
Reporter Mozilla Foundation
Modified 2010-10-19T00:00:00


Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority.