EPSS Percentile: 46.1%
vt-ldap is vulnerable to certificate spoofing. The library does not properly parse and verify the hostname in certificates, so an attacker can spoof SSL servers by presenting a spoofed certificate in conjunction with a man-in-the-middle (MitM) attack.
shibboleth.net/community/advisories/secadv_20140919.txt
bugzilla.redhat.com/show_bug.cgi?id=1140438
github.com/dfish3r/vt-ldap/commit/7894c3941641df8d9448d3480205d605520c7efa