New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting (cybersecuritynews.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 27 May 17:55
https://sh.itjust.works/post/38854284

#cybersecurity


cron@feddit.org on 27 May 18:45

Not going to downplay the vulnerability, but the key requirement for this attack is that both the attacker and the victim domain must be present in the SSL certificate’s SAN entries. This is something that can happen, e.g. with some web hosters, but is probably pretty rare.
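An added example, not part of the thread or the linked article: one way to audit the precondition named in the comment above is to list the SAN entries of your certificate that fall outside the domains you control. The input uses the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, the sample certificate and all domain names are constructed for illustration.

```python
# Added example: flag DNS names in a certificate's SAN list that you do not own.
# The certificate dict follows the shape returned by ssl.SSLSocket.getpeercert().

def _covers(owned: str, name: str) -> bool:
    """True if `name` (possibly a wildcard) is `owned` or a subdomain of it."""
    name = name.lower().rstrip(".")
    owned = owned.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # "*.example.org" is judged by its parent domain
    # Require a label boundary so "notvictim.example" does not match "victim.example".
    return name == owned or name.endswith("." + owned)


def foreign_sans(cert: dict, owned_domains: list[str]) -> list[str]:
    """Return DNS SAN entries that are not under any domain in `owned_domains`."""
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return sorted(
        n for n in dns_names
        if not any(_covers(o, n) for o in owned_domains)
    )


# Constructed sample: a shared-hosting style certificate covering several tenants.
SAMPLE_CERT = {
    "subject": ((("commonName", "shared.hoster.example"),),),
    "subjectAltName": (
        ("DNS", "shop.victim.example"),
        ("DNS", "*.victim.example"),
        ("DNS", "blog.other-tenant.example"),
        ("DNS", "notvictim.example"),
        ("DNS", "shared.hoster.example"),
        ("IP Address", "192.0.2.10"),  # non-DNS entries are ignored
    ),
}

if __name__ == "__main__":
    for name in foreign_sans(SAMPLE_CERT, ["victim.example"]):
        print("certificate is shared with:", name)
```

An empty result means every DNS name on the certificate is under a domain you listed as your own, so the shared-SAN condition the comment describes is not met for that certificate.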