2 matches found
samba: group policy certificate enrollment uses http:// without validation
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...
MS02-048: Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (323172)
The remote host contains a version of the Certificate Enrollment control that may allow an attacker to delete certificates. To exploit this vulnerability an attacker must create a rogue web server with SSL and lure the user to visit this site. C Tenable Network Security, Inc. include"compat.inc";...