CVE-2010-0744

aMSN 0.98.3 - SSL Man-in-the-Middle

Title source: llm

Description

aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.

References (15)

Scores

EPSS 0.0039
EPSS Percentile 59.4%

Classification

CWE
CWE-287
Status draft

Affected Products (10)

alvaro/alvaros_messenger < 0.98.3
alvaro/alvaros_messenger
alvaro/alvaros_messenger
alvaro/alvaros_messenger
alvaro/alvaros_messenger
alvaro/alvaros_messenger
alvaro/alvaros_messenger
alvaro/alvaros_messenger
alvaro/alvaros_messenger
alvaro/alvaros_messenger

Timeline

Published Apr 20, 2010
Tracked Since Feb 18, 2026