[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

aMSN SSL Certificate Vulnerability

aMSN SSL Certificate Vulnerability

I. The Vulnerability

aMSN does not check SSL certificate before sending MSN user
credentials. An attacker is able to obtain MSN username and password
with a spoofed certificate and no alert is generated to the user.
This vulnerability was found in aMSN 0.97.2. Other versions may also
be affected.

II. Disclosure Timeline

06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.

III. Vendor


IV. Credit

Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>