Certified Security Solutions, Inc. (CSS) is making its SCEP Validation Service™ – a solution that prevents the attack described in US-CERT vulnerability report VU#970135 – available for integration and OEM license by interested third parties.
While the Simple Certificate Enrollment Protocol (SCEP) has been in use for several years, many Mobile Device Management (MDM) systems now deliver SCEP One-Time-Passwords directly to the devices they manage, which exposes them to misuse by attackers and can lead to certificates with fraudulent content, and potential privilege escalation attacks. Visit the online informational portal online to learn more about the vulnerability.

CSS’ patent-pending solution to the SCEP vulnerability includes a plug-in Policy Module to the Microsoft CA which blocks any manipulation of SCEP-based certificate request data, and allows customers to retain the benefits of on-device private key generation, while preventing the security problems associated with sending SCEP passwords outside of an organization’s trusted network.

“We’ve realized that the need for Validated SCEP™ transcends the certificate issuance and management space that our products focus on, into areas such as MDM,” says Kevin von Keyserling, CSS’ Chief Executive Officer.

Visit the Validated SCEP resource center for more information.

About CSS – CSS is an information security company, specializing in identity and access management solutions. The company, headquartered in Cleveland, Ohio, has operations throughout North America. CSS provides enterprise ready software, managed security services, Security as a Service, and consulting services. CSS’ security solutions allow clients to secure and operate in cloud computing platforms, “Bring Your Own Device” initiatives, and the emerging market of the “Internet of Things.” For more information and for a complete list of branch offices, click here to Request Information.