Hacker News

I don’t think this is ultimately the vulnerability, but even without SNI, it’s arbitrary to dynamically link to a file, script, png, etc. hosted on a subdomain with the bad cert.



Oh yeah! So it's like:

* client asks for cert

* you give it to them

* client tells you the page they want and their useragent

* if you think they're vulnerable based on what you've learned about them, you add <img src="https://vulnerable.subdomain/"> to the response.

Neat suggestion. Thanks! Agree we've moved well outside of tomorrow's likely actual vuln.



