2 matches found
CVE-2014-2735 - WinSCP: missing X.509 validation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-003 Product: WinSCP Affected Versions: 5.5.2.4130 Tested Versions: 5.5.2.4130 Windows 7 32 bit and Windows 8.1 64 bit Vulnerability Type: Missing X.509 validation Risk Level: Medium Solution Status: Fixed Vendor Notification:...
CVE-2014-2735
WinSCP (Windows FTP client) is affected by CVE-2014-2735 due to missing validation of the server X.509 certificate hostname when using FTP over TLS. The issue allows MITM spoofing of SSL servers with an arbitrary valid certificate because the client does not verify the CN or subjectAltName. Affec...