Saturday, June 30, 2012

CSS Uncovers SCEP Vulnerability For Mobile Devices In The Enterprise - MarketWatch

 Interesting.

The problem is not caused by an implementation error in a single product, or by an issue with the SCEP protocol itself, but rather by a combination of features, configurations, and use cases that, together, open up a previously unforeseen avenue of attack. Mobile Device Management (MDM) systems that leverage SCEP to issue certificates for authentication into enterprise systems such as Wi-Fi, VPN, or ActiveSync are among the most critically affected scenarios.

More:
http://www.marketwatch.com/story/css-uncovers-scep-vulnerability-for-mobile-devices-in-the-enterprise-2012-06-29

No comments:

Post a Comment