CVE-2010-0744

aMSN 0.98.3 - SSL Man-in-the-Middle

Title source: llm
STIX 2.1

Description

aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.

References (15)

Core 15
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041046.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/03/10/4
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39796
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35507
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/04/01/4
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2009/Jun/239
Various Sources x_refsource_confirm
http://www.opensource-archive.org/showthread.php?p=183821
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35621
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1109
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041079.html

Scores

EPSS 0.0131
EPSS Percentile 67.0%

Details

CWE
CWE-287
Status published
Products (10)
alvaro/alvaros_messenger 0.83
alvaro/alvaros_messenger 0.90
alvaro/alvaros_messenger 0.91
alvaro/alvaros_messenger 0.92
alvaro/alvaros_messenger 0.93
alvaro/alvaros_messenger 0.94
alvaro/alvaros_messenger 0.95
alvaro/alvaros_messenger 0.96
alvaro/alvaros_messenger 0.97
alvaro/alvaros_messenger < 0.98.3
Published Apr 20, 2010
Tracked Since Feb 18, 2026