[Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
[Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
- Subject: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
- From: Michael Kluskens <email@hidden>
- Date: Thu, 29 May 2008 08:04:23 -0400
Under OS X 10.5.3 I've lost functionality, Keychain Access and OS X
Mail work with my DoD CAC card; however, Safari does not, I get
anything from no response <infosec.navy.mil> to a crash of Safari with
corruption of my login keychain <netgroup.nrl.navy.mil>. All this
worked fine from 10.3.x through all of 10.4 and up to 10.5.2 (The
Apple bug number for this issue is #47225052 I believe if anyone has
the right access to check on the status of this).
Tested and verified on both PowerPC and Intel Macs, tested and
verified with a format and reinstall of 10.5.1 with all updates to
10.5.3 and no customizations, no third-party apps, and no usage of
Migration assistant.
Given that Keychain Access sees the card and that OS X Mail works and
Safari does not I doubt it's my card reader but in any case I'm using
a GEMPLUS DoD CAC and a SCM SCR33x USB Smart Card Reader with Firmware
05.18.
The ActivCard reader which we flashed was supplied by our security
people, if we have to go out and buy other card readers it won't look
good for Apple at this location, a couple thousand dollars to make OS
X work with the DoD CAC (estimate 200 users here with $20 per reader).
And of course the Orthebur CAC cards don't work at all under 10.5.3
with the SCR33x card reader, funny no word on why that can not be
fixed in OS X--legal issues with drivers from SCM? Unfortunately now
I have three users who have to find a PC to do their work and the
number is growing monthly.
The following is any interesting take on the which certificate problem:
CFNetwork
CVE-ID: CVE-2008-1580
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An information disclosure issue exists in Safari's SSL
client certificate handling. When a web server issues a client
certificate request, the first client certificate found in the
keychain is automatically sent, which may lead to the disclosure of
the information contained in the certificate. This update addresses
the issue by prompting the user before sending the certificate.
Regarding the Orthebur CAC and SCM SCR readers.
On Feb 29, 2008, at 9:22 AM, Shawn A. Geddis wrote:
There is currently (10.5.0-10.5.2) a very specific issue between
some of the newer Smart Cards (T=1 / Block Transfer) with very
specific Smart Card Readers (SCM SCR 331, 531, 3310, 3311).
Combination with a different reader or a different card work as
expected.
* There are many *different* CACs issued
* There are many *different* Smart Card Readers available.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden