telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-05-21T18:00:00
Updated: 2013-06-21T09:00:00
Reserved: 2011-12-19T00:00:00
Link: CVE-2007-6746
JSON object: View
NVD Information
Status : Modified
Published: 2013-05-21T18:55:01.310
Modified: 2013-06-21T02:26:00.447
Link: CVE-2007-6746
JSON object: View
Redhat Information
No data.
CWE