Certificate Spoofing Vulnerability in Microsoft CryptoAPI and Related Products
CVE-2002-0862

Currently unrated

Key Information:

Vendor: Microsoft

CVE Published: 4 October 2002

Summary

The vulnerability in Microsoft's CryptoAPI arises from the improper verification of the Basic Constraints of intermediate CA-signed X.509 certificates. This flaw affects various Microsoft products, including Windows 98, Windows XP, Office for Mac, and Internet Explorer and Outlook Express for Mac. Attackers could exploit this weakness to perform man-in-the-middle attacks, allowing them to spoof certificates for trusted sites during SSL sessions, which can compromise sensitive data and user privacy.

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
