VeriSign: Flaw Is Bigger Threat to Grandma

International concerns surround Web Proxy Autodiscovery Protocol (WPAD) functionality in Web browsers

November 27, 2007

1 Min Read
Network Computing logo

NEW YORK -- Summary: At Kiwicon 2007, New Zealand researcher Beau Butler presented a flaw in how Microsoft Corp.’s Internet Explorer (IE) uses the Web Proxy Autodiscovery Protocol (WPAD) functionality for some international domains. Using this flaw, a malicious user could set up a WPAD server and send proxy configuration commands to the vulnerable computer. Microsoft originally fixed this vulnerability in Security Bulletin MS99-054, by changing the way that Internet Explorer searches for WPAD servers. The new flaw discovered by Mr. Butler specifically impacts and, which are still part of the default WPAD search order. It is possible that other top-level domains (TLDs) suffer from the same vulnerability in the default search order.

WPAD Threats:

A malicious user or group could use this vulnerability to redirect all HTTP and HTTPS traffic from their victims to a malicious server. Attackers can use this technique to steal online banking usernames and passwords as well as monitoring, logging and manipulating other sessions.

There are no known ongoing attacks, but several domains in the existing search order are active. It would only require a configuration change to add a malicious WPAD configuration.

Consumers are at highest risk from this flaw, as most enterprises use technologies that limit the potential damage.

Mr. Butler published details of the flaw and registered the domain names “,” “” and “” in late June 2007.

VeriSign iDefense Quotes:

“Most enterprises are probably protected from this attack vector, but it is likely that the grandmas out there using their local ISP are not.” – Rick Howard, Director, VeriSign iDefense Intelligence Operations

VeriSign Inc. (Nasdaq: VRSN)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights