Computer Security
[EN] no-pyccku

WinSCP proteciton bypass
SecurityVulns ID:13723
Threat Level:
Description:Server X.509 certificate is not validated.
Affected:WINSCP : WinSCP 5.5
CVE:CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original documentdocumentMicha.Borrmann_(at), CVE-2014-2735 - WinSCP: missing X.509 validation (04.05.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod