Opera
Search the knowledge base
Advisory: Opera accepts nulls and invalid wildcards in certificates
Summary
Certificate authorities are expected to vet all certificate registrations, but may fail to prevent fraudulent or erroneous registrations. Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such certificates may then incorrectly be presented as secure.
Severity
Moderate severity
Opera's response
Opera Software has released Opera 10.00, where this issue has been fixed.
Credits
Thanks to Dan Kaminsky for reporting this issue to Opera Software.
Browse through articles in the same categories:
advisory
Support
- Overview
- Get started
- Register Opera Mobile
- Knowledge base
- Online communities
- Reporting bugs
- Opera Web Mail
- Access Opera
- Premium support
- Contact support
- Documentation
Opera Help
Need help? Hit F1 anytime while using Opera to access our online help files, or go here.
View mobile site
Copyright © 2009 Opera Software ASA. All rights reserved.