The researchers even designed a MitM proof of concept (PoC) to show how an attacker can easily re-route the traffic to their server, display their own certificate, and then decrypt an organization's VPN traffic. While the company could use the router's serial number to check if the server names match, the client appears to not verify the server name at all according to SAM Seamless Network's research. All of the company's default SSL certificates use a router's serial number as the server name for the certificate.
0 kommentar(er)
