6 matches found
Improper Certificate Validation in vt-ldap
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
CVE-2014-3607 affects Ldaptive (formerly vt-ldap) and its DefaultHostnameVerifier, which fails to ensure the server hostname matches a domain name in the X.509 certificate’s CN. This allows remote attackers to perform a MITM spoofing attack by using an arbitrary valid certificate. The issue is ob...