Trillian SSL Certificate Vulnerability
Trillian SSL Certificate Vulnerability
I. The Vulnerability
Trillian does not check SSL certificate before sending MSN user
credentials. An attacker is able to obtain MSN username and password
with a spoofed certificate and no alert is generated to the user.
This vulnerability was found in Trillian Basic 3.1. Other versions
and/or protocols may also be affected.
II. Disclosure Timeline
06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.
III. Vendor
http://www.ceruleanstudios.com/
IV. Credit
Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>
討論串 (同標題文章)