QSslSocket in Trolltech Qt 4.3.0 up to and including 4.3.2 does not properly verify SSL certificates, which might make it easier for remote malicious users to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trolltech qsslsocket 4.3.0 |
||
trolltech qsslsocket 4.3.1 |
||
trolltech qsslsocket 4.3.2 |