CVE-2011-1428

WeeChat < 0.3.4 - Man-in-the-Middle Attack via Improper X.509 Certificate Validation

Title source: llm
STIX 2.1

Description

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

References (5)

Core 5
Core References
Exploit, Patch x_refsource_confirm
http://savannah.nongnu.org/patch/index.php?7459
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46612
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43543

Scores

EPSS 0.0108
EPSS Percentile 61.3%

Details

CWE
CWE-20
Status published
Products (35)
flashtux/weechat 0.0.1
flashtux/weechat 0.0.2
flashtux/weechat 0.0.3
flashtux/weechat 0.0.4
flashtux/weechat 0.0.5
flashtux/weechat 0.0.6
flashtux/weechat 0.0.7
flashtux/weechat 0.0.8
flashtux/weechat 0.0.9
flashtux/weechat 0.1.0
... and 25 more
Published Mar 16, 2011
Tracked Since Feb 18, 2026