SECURITYVULNS:DOC:21878
May 25, 2009

Serena Dimensions CM Desktop Client does not validate the server SSL certificate

vulners.com

Application: Serena Dimensions CM
Affected versions: 10.1 and later
Vulnerability: man-in-the-middle attacks
Problem type: remote

Problem description:

The client/server connection can be SSL encrypted by setting "-ssl" in listener.dat. The problem is that the Desktop
client accepts any server certificate, whether self-signed or signed by a CA, without any user interaction to accept
it. There is also no way to configure which certificates are trusted.

The vulnerability allows a man-in-the-middle attack in which the attacker can read and modify the data between client and
server. This requires the attacker to be positioned so as to modify the network traffic between client and server.
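The following added example (not Serena code, written here to illustrate the class of defect) contrasts a TLS client context that behaves as the advisory describes with a hardened one, plus an audit check and a certificate-pinning fallback for clients that offer no configurable trust store; `SAMPLE_DER` is a constructed placeholder, not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Optional

# Constructed stand-in for a server certificate in DER form; a real client
# would obtain this from ssl.SSLSocket.getpeercert(binary_form=True).
SAMPLE_DER = b"abc"


def insecure_context() -> ssl.SSLContext:
    """The behaviour the advisory describes: the link is encrypted, but any server cert is trusted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # self-signed or CA-signed, everything is accepted
    return ctx


def verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened form: require a chain to a trusted CA and a hostname match."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile=None loads the system trust store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def validates_server_cert(ctx: ssl.SSLContext) -> bool:
    """Audit check: would this context reject an unknown or mismatched server certificate?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as a lowercase hex string."""
    return hashlib.sha256(cert_der).hexdigest()


def pin_matches(cert_der: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the presented certificate against a pinned fingerprint."""
    return hmac.compare_digest(fingerprint(cert_der), expected_hex.lower())


def connect_pinned(host: str, port: int, expected_hex: str) -> str:
    """Pinning fallback: handshake without CA validation, then enforce the pin before sending data."""
    ctx = insecure_context()
    with socket.create_connection((host, port)) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        presented = tls.getpeercert(binary_form=True)
        if presented is None or not pin_matches(presented, expected_hex):
            raise ssl.SSLCertVerificationError("server certificate does not match the pinned fingerprint")
        return tls.version()
```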

Resolution:

There is currently no patch available for this problem.