RSS   Vulnerabilities for 'Trillian'   RSS

2012-11-04
 
CVE-2012-5824

 

 
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.

 
2010-04-29
 
CVE-2009-4831

CWE-20
 

 
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.

 


Copyright 2024, cxsecurity.com

 

Back to Top