Cyberduck prior to 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
Vulnerable Product |
---|
cyberduck cyberduck |