|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
iphone email client does not validate ssl certificates
From: Bill Borskey (wborskey
gmail.com)
Date: Fri Sep 11 2009 - 12:33:33 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Info:
iPod/iPhone standard e-mail application does not validate SSL certificates
and is vulnerable to a MITM (man in the middle attack).
Vulnerable: All versions.
Discovered by: William Borskey wborskeygmail.com
Discussion:
The mail application that ships with the iPod/iPhone does not validate SSL
certificates. A malicious user can use software such as ettercap-ng to sniff
email passwords without the application warning the victim that the
certificate may be invalid.
Exploit:
This flaw can be exploited with ettercap-ng.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]