Computer Security
[EN] securityvulns.ru no-pyccku


telepathy-idle insufficient certificate check
Published:10.05.2013
Source:
SecurityVulns ID:13076
Type:m-i-t-m
Threat Level:
5/10
Description:Server certificate is not checked
Affected:TELEPATHYIDLE : telepathy-idle
CVE:CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original documentdocumentUBUNTU, [USN-1821-1] telepathy-idle vulnerability (10.05.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod