lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jun 2009 10:33:25 -0300 From: Gabriel Menezes Nunes <gab.mnunes@...il.com> To: bugtraq@...urityfocus.com Subject: aMSN SSL Certificate Vulnerability aMSN SSL Certificate Vulnerability I. The Vulnerability aMSN does not check SSL certificate before sending MSN user credentials. An attacker is able to obtain MSN username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in aMSN 0.97.2. Other versions may also be affected. II. Disclosure Timeline 06/19/2009 - Vendor contact. 06/26/2009 - No answer. Public Disclosure. III. Vendor http://www.amsn-project.net/ IV. Credit Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>