Saturday, June 30, 2012

CSS Uncovers SCEP Vulnerability For Mobile Devices In The Enterprise - MarketWatch


The problem is not caused by an implementation error in a single product, or by an issue with the SCEP protocol itself, but rather by a combination of features, configurations, and use cases that, together, open up a previously unforeseen avenue of attack. Mobile Device Management (MDM) systems that leverage SCEP to issue certificates for authentication into enterprise systems such as Wi-Fi, VPN, or ActiveSync are among the most critically affected scenarios.


No comments:

Post a Comment