View Issue Details

IDProjectCategoryView StatusLast Update
0000600Main CAcert Websitesource codepublic2013-11-20 22:23
Reporterkriss Assigned ToSourcerer  
Status closedResolutionfixed 
Fixed in Version2008 
Summary0000600: NS Client certs can be created with an arbitrary email address attached.
DescriptionAnother one of those lovely register_globals fallout bugs. An easy way to recreate the steps here is to use the Tamper Data firefox addon ( )

1. Go to, don't add an email address, add SSO information.
2. Choose keysize and submit. Tamper the request, adding "" and "count=0.emailAddress =" in the POSTdata.
3. Install your cert.

(Slightly roundabout way of going about it, but hey..)

Could obviously not be used to access itself since it depends on SERIAL, but it's been confirmed to work on's domain admin page.

It's possible that other nastyness could be performed using this attack vector, seeing that fairly arbitrary stuff can be sent into the CSR.
TagsNo tags attached.
Reviewed by
Test Instructions



2008-08-18 10:23

administrator   ~0001146

Should be fixed, please test and close.


2008-08-18 10:30

reporter   ~0001147


Issue History

Date Modified Username Field Change
2008-08-18 02:41 kriss New Issue
2008-08-18 10:23 Sourcerer Note Added: 0001146
2008-08-18 10:23 Sourcerer Status new => solved?
2008-08-18 10:23 Sourcerer Fixed in Version => production
2008-08-18 10:23 Sourcerer Resolution open => fixed
2008-08-18 10:23 Sourcerer Assigned To => Sourcerer
2008-08-18 10:30 kriss Note Added: 0001147
2008-08-18 10:30 kriss Status solved? => closed
2013-01-15 02:53 Werner Dworak Fixed in Version => 2008
2013-11-20 22:23 NEOatNHNG View Status private => public