Up to circa 2003, the implementation of certificate validation in Internet Explorer / Windows did not process the “Basic Constraints” extension properly. The net effect was that anybody with a 100$ certificate could act as a CA and issue “certificates” with arbitrarily chosen name and keys.
Because people never learn, the Microsoft implementation of SSL used in ASP.NET was still unpatched as of 2010 (eight years later !) when Rizzo and Duong reimplemented the Vaudenay attack and built a demonstration which recovered HTTP cookies.
great history on SSL, i hadn’t kept up on it for a while and was surprised to see how long microsoft had left these vulnerabilities open.. also interesting find i did not know about: