Potential Man-in-the-Middle Attack Vulnerability in Microsoft Internet Explorer 6.0

Potential Man-in-the-Middle Attack Vulnerability in Microsoft Internet Explorer 6.0

CVE-2002-1824 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.

Learn more about our Web App Pen Testing.