Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests View the entire report here: Vulnerability Note VU#971035 Organizations that use Simple Certificate Enrollment Protocol (SCEP) for mobile devices may have an increased security risk. Through our experience with Public Key Infrastructure (PKI) and Mobile Device Management (MDM) software in enterprise clients we have uncovered […]
Validated SCEP (VSCEP)
Keyfactor exposed and published information on a potential privilege escalation attack in SCEP-based Certificate Issuance Systems. To mitigate risk of an attack, Keyfactor created the SCEP Validation Service, which validates certificate contents before the Certificate Authority sends it to the requestor. The patent-pending solution ships today with our Keyfactor Command certificate management platform. Keyfactor’s SCEP Validation Service is […]