Submission + - Safari leaks client certificates (whirlpool.net.au)
An anonymous reader writes: If you have client certs installed in your iPhone or iPad that contain your employment details or other personal information be very careful what sites you visit.
When browsing to a website that requests an x509 client certificate from Safari, the user is prompted to select a client certificate. Selecting cancel results in safari sending a client certificate anyway. The server now has all the personal information stored in the client cert.
When browsing to a website that requests an x509 client certificate from Safari, the user is prompted to select a client certificate. Selecting cancel results in safari sending a client certificate anyway. The server now has all the personal information stored in the client cert.