2 matches found
Design/Logic Flaw
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766...
CVE-2009-3766
CVE-2009-3766 affects mutt 1.5.16 and earlier (before 1.5.19) when using OpenSSL: the code in mutt_ssl.c does not verify the certificate CN against the server hostname, enabling MITM spoofing with arbitrary certificates. This is supported by connected OpenVAS/MIRACLE_LINUX references noting the s...