Interesting.
The problem is not caused by an implementation error in a single product, or by an issue with the SCEP protocol itself, but rather by a combination of features, configurations, and use cases that, together, open up a previously unforeseen avenue of attack. Mobile Device Management (MDM) systems that leverage SCEP to issue certificates for authentication into enterprise systems such as Wi-Fi, VPN, or ActiveSync are among the most critically affected scenarios.
More:
http://www.marketwatch.com/story/css-uncovers-scep-vulnerability-for-mobile-devices-in-the-enterprise-2012-06-29
No comments:
Post a Comment