Extended Subset

• SteveD has posted an experimental patch for GNUTLS
• Unfortunately, it appears that D-Link routers implement a protocol which allows router reconfiguration via SOAP and don’t authenticate it properly. Mix in a little DNS rebinding and this likely results in a remote-MitM vulnerability.

Tags: MitM, SSL, TLS

This entry was posted on Tuesday, January 12th, 2010 at 5:10 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.