Certificate Spoofing Vulnerability in Microsoft CryptoAPI and Related Products
CVE-2002-0862
Currently unrated
Key Information:
- Vendor: Microsoft
- CVE Published: 4 October 2002
Summary
The vulnerability in Microsoft's CryptoAPI arises from the improper verification of the Basic Constraints of intermediate CA-signed X.509 certificates. This flaw affects various Microsoft products, including Windows 98, Windows XP, Office for Mac, and Internet Explorer and Outlook Express for Mac. Attackers could exploit this weakness to perform man-in-the-middle attacks, allowing them to spoof certificates for trusted sites during SSL sessions, which can compromise sensitive data and user privacy.
EPSS Score
20% chance of being exploited in the next 30 days.