On Saturday 22 December 2001 15:37, security@e-matters.de wrote: > A proof of concept webpage was put up at http://suspekt.org. Clicking > onto the "To the secure page..." link will send your browser to > https://suspekt.org without IE warning you that the certificate was not > issued onto that server. Looks like Konqueror 2.2.1 (Mandrake Linux 8.1 + OpenSSL 0.9.6b) is also vulnerable. I've got no warning when entering on this page. I've tested it also with lynx 2.8.4rel.1 (compiled with OpenSSL 0.9.6a on FreeBSD) with the same result. -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
