- "About a week ago some colleagues and I discovered a set of x509 certificates which exhibited certain interesting properties. The subset relevant to this thread being:
- They appeared trusted and their chains appeared valid and trusted - but no member of the chains was explicitly trusted by the system (i.e. no results via certmgr.msc).
- On execution (not installation) of the certificates, a CA was added to the local computer as a trusted root CA (this time visible via certmgr.msc). Its chain appeared valid and trusted - but again no members were explicitly trusted.
- The certificates of the "ghost" CAs were not viewable.
- This behaviour was confirmed in fresh instances of Windows 8, Windows 7 and Windows Vista. Windows XP and Windows 2000 are negative. Other versions and other platforms were not tested. The x509 certificates are parsable by a number of cryptographic libraries including OpenSSL.
- Is anyone aware of a mechanism capable of causing this pattern?"