CVE-2011-5242
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the certificate’s Common Name (CN) or subjectAltName, which enables man-in-the-middle (MITM) attacks using an arbitrary valid certificate. Impact per sources: partial confidentiality and partial integrity, with network attack vector and no authentication requ...
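The check this entry describes as missing, written out as an added example; it is not tmhOAuth code, and the function names and certificate contents are constructed for illustration. It shows why a trusted chain alone is not enough: the client must also match the requested hostname against the subjectAltName entries, falling back to the CN only when there are none.

```python
from __future__ import annotations

# Constructed sample certificates (only the identity fields are modelled).
OTHER_SITE_CERT = {"cn": "unrelated.example.net", "san_dns": ["unrelated.example.net"]}
API_CERT = {"cn": "api.example.com", "san_dns": ["api.example.com", "*.cdn.example.com"]}


def _name_match(pattern: str, host: str) -> bool:
    """Compare one name from the certificate against the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never covers more than one label
    if p_labels[1:] != h_labels[1:]:
        return False
    if p_labels[0] == "*":
        # Wildcard is honoured only as the entire leftmost label,
        # and never directly under a single-label suffix ("*.com").
        return len(p_labels) >= 3
    return p_labels[0] == h_labels[0]


def hostname_matches(hostname: str, san_dns: list[str], common_name: str | None) -> bool:
    """True if the certificate identifies `hostname`.

    subjectAltName dNSName entries take precedence; the CN is consulted
    only when the certificate carries no such entries.
    """
    names = san_dns if san_dns else ([common_name] if common_name else [])
    return any(_name_match(n, hostname) for n in names)


def accept_connection(hostname: str, cert: dict, chain_trusted: bool,
                      verify_host: bool = True) -> bool:
    """Client-side decision after the TLS handshake.

    verify_host=False models the behaviour the entry describes:
    any certificate with a trusted chain is accepted for any hostname.
    """
    if not chain_trusted:
        return False
    if not verify_host:
        return True
    return hostname_matches(hostname, cert.get("san_dns", []), cert.get("cn"))
```
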