MidnightBSD

Advisories for alvaro

CVE-2010-0744 MEDIUM

aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
alvaro alvaros_messenger 0.83
alvaro alvaros_messenger 0.94
alvaro alvaros_messenger 0.96
alvaro alvaros_messenger 0.93
alvaro alvaros_messenger *
alvaro alvaros_messenger 0.97
alvaro alvaros_messenger 0.91
alvaro alvaros_messenger 0.92
alvaro alvaros_messenger 0.90
alvaro alvaros_messenger 0.95