VULHUB ™

When an SSL connection is made, the identify of the foreign site may be verified through the use of an SSL certificate. This would normally prevent the possibility of spoofing a trusted site, or of implementing a man in the middle attack. Generally this verification is done through the eventual use of a root signing authority. Certain web browsers have implemented SSL functionality without including the ability to verify certificates. If an explicit warning is not given to the user of these products when an SSL connection is initiated, the attacks detailed above may be attempted without detection.

When an SSL connection is made, the identify of the foreign site may be verified through the use of an SSL certificate. This would normally prevent the possibility of spoofing a trusted site, or of implementing a man in the middle attack. Generally this verification is done through the eventual use of a root signing authority. Certain web browsers have implemented SSL functionality without including the ability to verify certificates. If an explicit warning is not given to the user of these products when an SSL connection is initiated, the attacks detailed above may be attempted without detection.