- Home
- CVEs with nessus.description==Opera reports :
A specially crafted digital certificate can bypass Opera's certificate
signature verification. Forged certificates can contain any false
information the forger chooses, and Opera will still present it as
valid. Opera will not present any warning dialogs in this case, and
the security status will be the highest possible (3). This defeats the
protection against 'man in the middle', the attacks that SSL was
designed to prevent.
There is a flaw in OpenSSL's RSA signature verification that affects
digital certificates using 3 as the public exponent. Some of the
certificate issuers that are on Opera's list of trusted signers have
root certificates with 3 as the public exponent. The forged
certificate can appear to be signed by one of these.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top