[<prev] [next>] [day] [month] [year] [list]
Message-ID: <e121087f0906260633k63abd7a5s31caf56c4ab0b98e@mail.gmail.com>
Date: Fri, 26 Jun 2009 10:33:25 -0300
From: Gabriel Menezes Nunes <gab.mnunes@...il.com>
To: bugtraq@...urityfocus.com
Subject: aMSN SSL Certificate Vulnerability
aMSN SSL Certificate Vulnerability
I. The Vulnerability
aMSN does not check SSL certificate before sending MSN user
credentials. An attacker is able to obtain MSN username and password
with a spoofed certificate and no alert is generated to the user.
This vulnerability was found in aMSN 0.97.2. Other versions may also
be affected.
II. Disclosure Timeline
06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.
III. Vendor
http://www.amsn-project.net/
IV. Credit
Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>
Powered by blists - more mailing lists