CVE-2013-0743

Published: 03 Jan 2013
Source: redhat
CVSS2: 4.3

Description

[REJECTED CVE] TURKTRUST, a certificate authority in Mozilla’s root program, had mis-issued two intermediate certificates to customers. One of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. An intermediate certificate that is used for MITM allows the holder of the certificate to decrypt and monitor communication within their network between the user and any website. Additionally, if the private key to one of the mis-issued intermediate certificates was compromised, then an attacker could use it to create SSL certificates containing domain names or IP addresses that the certificate holder does not legitimately own or control. An attacker armed with a fraudulent SSL certificate and an ability to control their victim’s network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but actually containing malicious content or software.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | nss | Affected | | |
| Red Hat Enterprise Linux 6 | ca-certificates | Not affected | | |
| Red Hat Enterprise Linux 6 | nspr | Fixed | RHSA-2013:0213 | 31.01.2013 |
| Red Hat Enterprise Linux 6 | nss | Fixed | RHSA-2013:0213 | 31.01.2013 |
| Red Hat Enterprise Linux 6 | nss-util | Fixed | RHSA-2013:0213 | 31.01.2013 |

Additional information

Status:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=890605 nss: Dis-trust TURKTRUST mis-issued *.google.com certificate

4.3 Medium

CVSS2

Related vulnerabilities

ubuntu
about 13 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none

nvd
about 13 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none

4.3 Medium

CVSS2