Guest User


a guest
Apr 25th, 2014
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. "About a week ago some colleagues and I discovered a set of x509 certificates which exhibited certain interesting properties. The subset relevant to this thread being:
  3. They appeared trusted and their chains appeared valid and trusted - but no member of the chains was explicitly trusted by the system (i.e. no results via certmgr.msc).
  5. On execution (not installation) of the certificates, a CA was added to the local computer as a trusted root CA (this time visible via certmgr.msc). Its chain appeared valid and trusted - but again no members were explicitly trusted.
  7. The certificates of the "ghost" CAs were not viewable.
  9. This behaviour was confirmed in fresh instances of Windows 8, Windows 7 and Windows Vista. Windows XP and Windows 2000 are negative. Other versions and other platforms were not tested. The x509 certificates are parsable by a number of cryptographic libraries including OpenSSL.
  11. Is anyone aware of a mechanism capable of causing this pattern?"
RAW Paste Data