Insights and Outlooks from the Digital Identity Market Leader

Mar 27, 2017 4:17:51 PM
Despite the documented shortcomings of the Simple Certificate Enrollment Protocol (SCEP), it is still in widespread use today. This is in large part due to the lack of better options when it comes to certificate enrollment – espec [...]
Aug 16, 2012 12:27:00 PM
CSS recently discovered and published information on a potential privilege escalation attack in SCEP-based Certificate Issuance Systems. After this discovery, CSS created the SCEP Validation Service, which aims to close this attac [...]
Jul 7, 2012 5:55:35 AM
If you’re reading this, there’s a good chance you’ve already seen the reports about the security ramifications of issuing certificates to mobile devices using the Simple Certificate Enrollment Protocol (more information on our sit [...]
Jun 28, 2012 7:22:00 AM
Vulnerability Note VU#971035- Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests CLEVELAND, OH – June 28, 2012. Researchers at Certified Security Solutions, Inc. (CSS), a leading info [...]
Feb 21, 2012 6:00:32 AM
Recently, while working on a Microsoft Network Device Enrollment Services (NDES) deployment, a client asked a simple-enough question about the thumbprint for the Certificate Authority (CA) certificate that was displayed on the NDE [...]
Apr 14, 2011 3:20:42 PM
iOS devices such as iPads and iPhones are quickly becoming a part of the enterprise IT landscape, in a trend sometimes referred to as “the consumerization of IT.” From a security practitioner’s standpoint, there are a number of fa [...]