aMSN (aka Alvaro's Messenger) 0.98.3 and previous versions, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof an MSN server via an arbitrary certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alvaro alvaros messenger 0.95 |
||
alvaro alvaros messenger 0.94 |
||
alvaro alvaros messenger |
||
alvaro alvaros messenger 0.91 |
||
alvaro alvaros messenger 0.90 |
||
alvaro alvaros messenger 0.97 |
||
alvaro alvaros messenger 0.96 |
||
alvaro alvaros messenger 0.83 |
||
alvaro alvaros messenger 0.93 |
||
alvaro alvaros messenger 0.92 |