3 matches found
Microsoft Windows Phone 7 SSL证书'Common Name'验证安全限制绕过漏洞
BUGTRAQ ID: 55569 CVE ID: CVE-2012-2993 Windows Phone 7是微软公司发布的一款手机操作系统,于2010年10月11日发布,它将微软旗下产品整合至手机中,并使用Metro作为设计语言。 Microsoft Windows Phone 7没有正确验证服务器的SSL证书,可允许攻击者执行中间人攻击或模拟受信任服务器。 0 Microsoft Windows Phone 7 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
CVE-2012-2993
Microsoft Windows Phone 7 is affected: it does not verify the domain name in the server certificate’s Common Name, enabling MITM spoofing for SSL connections over POP3/IMAP/SMTP with arbitrary valid certificates. Affected software is Windows Phone 7; vulnerable component is certificate CN verific...
Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.
Overview Windows Phone 7 does not check CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL. Description Windows Phone 7 fails to check the CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP serve...