telepathy-idle prior to 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Vulnerable Product |
---|
canonical telepathy-idle |
canonical telepathy-idle 0.1.14 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 13.04 |
canonical ubuntu linux 12.10 |
canonical telepathy-idle 0.1.11.1 |
canonical telepathy-idle 0.1.10.1 |
canonical telepathy-idle 0.1.12.1 |
canonical telepathy-idle 0.1.11.2 |