aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2010-04-20T15:00:00
Updated: 2010-04-30T09:00:00
Reserved: 2010-02-26T00:00:00
Link: CVE-2010-0744
JSON object: View
NVD Information
Status : Modified
Published: 2010-04-20T15:30:00.317
Modified: 2010-05-14T05:49:17.890
Link: CVE-2010-0744
JSON object: View
Redhat Information
No data.
CWE