mutt_ssl.c in mutt 1.5.16 and other versions before 1.5...
Moderate severity
Unreviewed
Published
May 2, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Oct 23, 2009
Published to the GitHub Advisory Database
May 2, 2022
Last updated
Jan 31, 2023
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References