20090807: Vulnerability caused by the null character in CN... or not!

At the Black Hat conference in 2009, 2 researchers presented their results on using the null character in the CN field to mislead browsers. They showed that all browsers, except Firefox 3.5, were fooled.

Part of their theory relies on the possibility of obtaining a certificate containing a null character from a certification authority. But that wouldn't be that easy! VeriSign, Thawte and Comodo confirm that their systems do not issue certificates containing this character... TBS X509 does not either.
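
The following is an added example, not code from TBS, the CAs named above or the researchers. It shows why a null character in the CN matters and what the issuance-side check looks like: a comparison that treats the CN as a C string stops at the first NUL, while a length-aware check rejects the value. The struct, the function names and the .example host names are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* An X.509 CN is a length-prefixed ASN.1 string, so it can carry a 0x00 byte. */
struct cn_value { const unsigned char *data; size_t len; };

/* Flawed: handles the CN as a C string, so the comparison ends at the first NUL. */
static int naive_match(struct cn_value cn, const char *host)
{
    return strcmp((const char *)cn.data, host) == 0;
}

/* The check a CA (or a client) applies: any NUL inside the declared length. */
static int cn_has_embedded_nul(struct cn_value cn)
{
    return memchr(cn.data, 0, cn.len) != NULL;
}

/* Length-aware: reject embedded NULs, then compare the whole value.
   Simplified to an exact byte match (no wildcards, no case folding). */
static int strict_match(struct cn_value cn, const char *host)
{
    size_t hlen = strlen(host);
    if (cn_has_embedded_nul(cn))
        return 0;
    return cn.len == hlen && memcmp(cn.data, host, hlen) == 0;
}

/* Constructed sample CN using reserved .example names. */
static const unsigned char SAMPLE[] = "www.bank.example\0.requester.example";

static struct cn_value sample_cn(void)
{
    struct cn_value cn = { SAMPLE, sizeof SAMPLE - 1 };
    return cn;
}

int main(void)
{
    struct cn_value cn = sample_cn();
    printf("naive match:  %d\n", naive_match(cn, "www.bank.example"));
    printf("embedded NUL: %d\n", cn_has_embedded_nul(cn));
    printf("strict match: %d\n", strict_match(cn, "www.bank.example"));
    return 0;
}
```
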