aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| alvaro | alvaros_messenger | 0.83 |
| alvaro | alvaros_messenger | 0.94 |
| alvaro | alvaros_messenger | 0.96 |
| alvaro | alvaros_messenger | 0.93 |
| alvaro | alvaros_messenger | * |
| alvaro | alvaros_messenger | 0.97 |
| alvaro | alvaros_messenger | 0.91 |
| alvaro | alvaros_messenger | 0.92 |
| alvaro | alvaros_messenger | 0.90 |
| alvaro | alvaros_messenger | 0.95 |