PT-2005-2155 · Opera · Opera
Published: 2005-04-14 · Updated: 2022-02-28 · CVE-2005-1139
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Opera version 8 Beta 3
Description
The issue allows a malicious user to spoof a website's SSL organization information, deceiving users into believing the site belongs to an organization that it does not. It is triggered by a feature that displays the SSL organizational information next to the browser's SSL lock symbol. The organizational information within an SSL certificate is not unique, so a malicious website can pose as another, betraying consumer trust and resulting in a loss of confidentiality.
Recommendations
For Opera version 8 Beta 3, consider disabling the feature that displays the SSL Organizational Information next to the web browser SSL lock symbol until a patch is available. Restrict access to websites with potentially spoofed SSL certificates to minimize the risk of exploitation. Avoid relying solely on the Organizational information displayed by the browser for authentication purposes.
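The last recommendation, shown as an added example (not code from Opera or from this advisory): two certificates carry the same organization string, and only the DNS names in subjectAltName tell them apart. The helper names and both sample certificates are constructed for illustration.

```python
# Added example. Dicts use the shape returned by ssl.SSLSocket.getpeercert().
# All certificate values below are constructed for illustration.

def subject_field(cert, name):
    """Return the first value of a subject attribute such as organizationName."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None

def dns_names(cert):
    """Collect dNSName entries from subjectAltName, lowercased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def host_matches(pattern, host):
    """Match one dNSName; '*' is accepted only as the entire leftmost label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse wildcards that would cover a whole top-level domain.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def identity_ok(cert, host):
    """Bind the certificate to the host by SAN, never by the organization string."""
    return any(host_matches(p, host) for p in dns_names(cert))

def same_org_different_hosts(cert_a, cert_b):
    """True when two certificates share an O value but no DNS identity."""
    org_a = subject_field(cert_a, "organizationName")
    org_b = subject_field(cert_b, "organizationName")
    shared = set(dns_names(cert_a)) & set(dns_names(cert_b))
    return org_a is not None and org_a == org_b and not shared

BANK = {
    "subject": ((("organizationName", "Example Bank"),), (("commonName", "www.bank.example"),)),
    "subjectAltName": (("DNS", "www.bank.example"),),
}
LOOKALIKE = {
    "subject": ((("organizationName", "Example Bank"),), (("commonName", "lookalike.example"),)),
    "subjectAltName": (("DNS", "*.lookalike.example"),),
}
```
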
Exploit
Fix
Related identifiers
Affected products
Opera