Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow malicious users to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft ie 6.0 |
||
microsoft internet explorer 6.0 |