- "About a week ago some colleagues and I discovered a set of x509 certificates which exhibited certain interesting properties. The subset relevant to this thread being:
- They appeared trusted and their chains appeared valid and trusted - but no member of the chains was explicitly trusted by the system (i.e. no results via certmgr.msc).
- On execution (not installation) of the certificates, a CA was added to the local computer as a trusted root CA (this time visible via certmgr.msc). Its chain appeared valid and trusted - but again no members were explicitly trusted.
- The certificates of the "ghost" CAs were not viewable.
- This behaviour was confirmed in fresh instances of Windows 8, Windows 7 and Windows Vista. Windows XP and Windows 2000 are negative. Other versions and other platforms were not tested. The x509 certificates are parsable by a number of cryptographic libraries including OpenSSL.
- Is anyone aware of a mechanism capable of causing this pattern?"