Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Hotfix to fix Certificate Validation Flaw (Q329115) is not installed. The vulnerability could enable an attacker who had a valid end-entity certificate to issue a subordinate certificate that, although bogus, would nevertheless pass validation. Because CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing attacks.
Affected Software
Affected Software
Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Me Microsoft Windows NT 4.0 Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Office for Mac Microsoft Internet Explorer for Mac Microsoft Outlook Express for Mac
Solution
Solution
The vendor has released updates, please see the references for more information.