CVE-2014-2845

2017-11-15T18:29:00
ID CVE-2014-2845
Type cve
Reporter cve@mitre.org
Modified 2019-12-11T15:20:00

Description

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.