Bugs item #1771890, was opened at 2007-08-10 10:21 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=642714&aid=1771890&group_id=105970
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: extensions Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: sbonev (sbonev) Assigned to: Scott Kurtzeborn (scotk) Summary: InstallCertificates CA writes to CertificateHash table Initial Comment: In scacert.cpp (ResolveCertificate()) there is code that writes to the CertificateHash table. This seems to be a security issue and can be exploited through a data tampering attack. Shouldn't the CA check the hash instead of writing it? It looks like the hash needs to be computed at build time, not at run time. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=642714&aid=1771890&group_id=105970 ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ WiX-devs mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wix-devs
