2 matches found
CVE-2010-3901
OpenConnect before 2.25 is affected by CVE-2010-3901 due to improper validation of X.509 certificates, enabling MITM attacks where an attacker can spoof AnyConnect SSL VPN servers with a certificate that either does not match the server hostname or is presented when --cafile is not configured. Im...
CVE-2010-3901
OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that 1 does not correspond to the server hostname or 2 is presented in circumstances involving a missing...