PKI Blog

Is My MDM Deployment Vulnerable?

Posted by Ted Shorter on Jul 7, 2012 5:55:35 AM

If you’re reading this, there’s a good chance you’ve already seen the reports about the security ramifications of issuing certificates to mobile devices using the Simple Certificate Enrollment Protocol (more information on our site here). We’ve received many inquiries about how to determine whether a given system is at risk, and if so, what levels of exposure may be involved. Complicating the issue is the sheer number of Mobile Device Management (MDM) products that exist, and the wide variety of configuration options within them. Because of all this variability, simply asking, “Is {Product X} affected?” can lead to over-simplified answers that might still leave you exposed to risk.

Assessing the risk of a given MDM deployment can be a bit nuanced, as there are a number of factors that come into play. The primary criteria to examine when making an assessment are:

Read More

Topics: digital certificate, Mobile Device Management, bring your own device, Provisioning, Public Key Infrastructure, Certificate Management System (CMS), mCMS, MDM, SCEP, Identity and Access Management, iOS, US-CERT, Blog, Simple Certificate Enrollment Protocol, Active Directory, BYOD

CSS UNCOVERS SCEP VULNERABILITY FOR MOBILE DEVICES IN THE ENTERPRISE

Posted by CSS Technical Team on Jun 28, 2012 7:22:00 AM

Vulnerability Note VU#971035- Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests

CLEVELAND, OH – June 28, 2012. Researchers at Certified Security Solutions, Inc. (CSS), a leading information security company, have uncovered a potentially serious security issue pertaining to the use of the Simple Certificate Enrollment Protocol (SCEP) in conjunction with mobile devices. Organizations that leverage SCEP to issue digital certificates to mobile devices may be subject to a privilege escalation attack.

Read More

Topics: digital certificates, MDM, SCEP, US-CERT, Press Releases, Simple Certificate Enrollment Protocol, privilege escalation attack, BYOD

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?