Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows phone 7 firmware - |