Описание
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Уязвимые конфигурации
Конфигурация 1Версия до 0.60 (включая)
Одно из
cpe:2.3:a:themattharris:tmhoauth:*:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.2:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.3:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.4:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.5:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.11:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.12:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.13:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.14:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.51:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.52:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.53:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.54:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.55:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.56:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.57:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.58:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00134
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
EPSS
Процентиль: 33%
0.00134
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20