20 matches found
CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux. Download CarbonCopy...
Authentication Bypass
openssl is vulnerable to an authentication bypass. The library does not properly compare OpenSSL::X509::Name objects, causing non-equal objects to be treated as equal. This can allow a malicious user to pass a spoofed certificate to the system during the authentication process...
samba: Server certificates not validated at client side
It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate...
Cisco FireSIGHT Management Center Arbitrary Code Execution Vulnerability
Cisco FireSIGHT Management Center enables centralized management of network security and operational functions for Cisco ASA with FirePOWER Services and Cisco FirePOWER devices. An arbitrary code execution vulnerability exists in Cisco FireSIGHT Management Center versions 5.2 through 5.4.0.1. Thi...
Gogo In-flight Internet issues Fake SSL Certificates to its own Customers
Gogo — one of the largest providers of in-flight Internet service — has been caught issuing fake SSL certificates, allowing the in-flight broadband provider to launch man-in-the-middle (MITM) attacks on its own users and view passwords and other sensitive information. The news came to light when securi...
Updated not-yet-commons-ssl packages fix CVE-2014-3604
Updated not-yet-commons-ssl packages fix a security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a man-in-the-middle (MITM)...
Design/Logic Flaw
Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073...
Code injection
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate...
CVE-2012-1177
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate...
CVE-2012-1177
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate...
Authentication flaw
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate...
Code injection
MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate...
CVE-2009-2381
Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, which allows remote servers to obtain the credentials of arbitrary users via a spoofed certificate...
aMSN SSL Certificate Vulnerability
aMSN SSL Certificate Vulnerability. I. The Vulnerability: aMSN does not check the SSL certificate before sending MSN user credentials. An attacker is able to obtain the MSN username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in aMSN 0.97.2...
Gizmo SSL Certificate Vulnerability
Gizmo SSL Certificate Vulnerability. I. The Vulnerability: Gizmo does not check the SSL certificate before sending user credentials. An attacker is able to obtain the username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in Gizmo for Linux...
Code injection
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
gnutls: certificate chain verification flaw
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
[Full-disclosure] Certificate spoofing issue with Mozilla, Konqueror, Safari 2
Hello, Mozilla-based browsers (Firefox, Netscape, ...), Konqueror and Safari 2 do not bind a user-approved webserver certificate to the originating domain name. This makes the user vulnerable to certificate spoofing by "subjectAltName:dNSName" extensions. I set up a demonstration at...
Compaq Web Management spoofed certificate unauthorized access
A user can upload his own certificate to the server to gain unauthorized access...