PKI Blog

CSS UNCOVERS SCEP VULNERABILITY FOR MOBILE DEVICES IN THE ENTERPRISE

Posted by CSS Technical Team on Jun 28, 2012 7:22:00 AM

Vulnerability Note VU#971035- Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests

CLEVELAND, OH – June 28, 2012. Researchers at Certified Security Solutions, Inc. (CSS), a leading information security company, have uncovered a potentially serious security issue pertaining to the use of the Simple Certificate Enrollment Protocol (SCEP) in conjunction with mobile devices. Organizations that leverage SCEP to issue digital certificates to mobile devices may be subject to a privilege escalation attack.

Read More

Topics: digital certificates, MDM, SCEP, US-CERT, Press Releases, Simple Certificate Enrollment Protocol, privilege escalation attack, BYOD

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?