PT-2002-2546 · Microsoft · Internet Explorer

Published: 2002-12-31 · Updated: 2021-07-23 · CVE-2002-1824

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer version 6.0

Description

The issue concerns the handling of an expired CA certificate in a web server's certificate chain during an SSL/TLS handshake. Internet Explorer does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack.

Recommendations

For Microsoft Internet Explorer version 6.0, consider disabling the automatic search for newer certificates during the SSL/TLS handshake as a temporary workaround until a more permanent solution is available. Restrict access to sensitive information when using this version of Internet Explorer to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2002-1824

Affected Products

Internet Explorer