Computer Security


WinSCP protection bypass
Published: 04.05.2014
Source:
SecurityVulns ID: 13723
Type: m-i-t-m
Threat Level: 5/10
Description: Server X.509 certificate is not validated.
Affected: WINSCP : WinSCP 5.5
CVE: CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original document: Micha.Borrmann_(at)_SySS.de, CVE-2014-2735 - WinSCP: missing X.509 validation (04.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod