sieve-connect TLS Hostname Verification Spoofing Vulnerability
BID:59078
Info
sieve-connect TLS Hostname Verification Spoofing Vulnerability
| Bugtraq ID: | 59078 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2013 12:00AM |
| Updated: | Apr 14 2013 12:00AM |
| Credit: | Phil Pennock |
| Vulnerable: |
Phil Pennock sieve-connect 0.84 |
| Not Vulnerable: |
Phil Pennock sieve-connect 0.85 |
Discussion
sieve-connect TLS Hostname Verification Spoofing Vulnerability
sieve-connect is prone to a security vulnerability that may allow attackers to conduct spoofing attacks.
Attackers can exploit this issue to spoof a valid server and conduct man-in-the-middle attacks. Successful exploits will cause victims to accept the requests assuming they are from a legitimate site.
Versions prior to sieve-connect 0.85 are vulnerable.
sieve-connect is prone to a security vulnerability that may allow attackers to conduct spoofing attacks.
Attackers can exploit this issue to spoof a valid server and conduct man-in-the-middle attacks. Successful exploits will cause victims to accept the requests assuming they are from a legitimate site.
Versions prior to sieve-connect 0.85 are vulnerable.
References
sieve-connect TLS Hostname Verification Spoofing Vulnerability
References:
References:
- SECURITY: sieve-connect 0.85 available (Phil Pennock)
- sieve-connect Changelog (Phil Pennock)
- sieve-connect Homepage (Phil Pennock)