CVE-2011-1428
WeeChat < 0.3.4 - Man-in-the-Middle Attack via Improper X.509 Certificate Validation
Title source: llmDescription
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
References (5)
Core 5
Core References
Exploit, Patch x_refsource_confirm
http://savannah.nongnu.org/patch/index.php?7459
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46612
Various Sources x_refsource_confirm
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43543
Scores
EPSS
0.0108
EPSS Percentile
61.3%
Details
CWE
CWE-20
Status
published
Products (35)
flashtux/weechat
0.0.1
flashtux/weechat
0.0.2
flashtux/weechat
0.0.3
flashtux/weechat
0.0.4
flashtux/weechat
0.0.5
flashtux/weechat
0.0.6
flashtux/weechat
0.0.7
flashtux/weechat
0.0.8
flashtux/weechat
0.0.9
flashtux/weechat
0.1.0
... and 25 more
Published
Mar 16, 2011
Tracked Since
Feb 18, 2026