Vulnerability: OCSP Service in Apple Mac OS X Allows Acceptance of Revoked Certificates

Vulnerability: OCSP Service in Apple Mac OS X Allows Acceptance of Revoked Certificates

CVE-2006-4409 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.

Learn more about our Web Application Penetration Testing UK.