Re: Trillian SSL Certificate Vulnerability

看板Bugtraq作者krymson.時間16年前 (2009/06/27 03:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/2 (看更多)

Is this grabbing the authentication credentials in plain text or just the hash? <- snip -> Trillian SSL Certificate Vulnerability I. The Vulnerability Trillian does not check SSL certificate before sending MSN user credentials. An attacker is able to obtain MSN username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in Trillian Basic 3.1. Other versions and/or protocols may also be affected. II. Disclosure Timeline 06/19/2009 - Vendor contact. 06/26/2009 - No answer. Public Disclosure. III. Vendor http://www.ceruleanstudios.com/ IV. Credit Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 krymson. 的文章

文章代碼(AID): #1AHI8r00 (Bugtraq)

討論串 (同標題文章)

完整討論串 (本文為第 2 之 2 篇)：

排序：最新先 | 最舊先 | 留言數

Re: Trillian SSL Certificate Vulnerability Re: Trillian SSL Certificate Vulnerability

krymson.

16年前, 06/27

Trillian SSL Certificate Vulnerability Trillian SSL Certificate Vulnerability

16年前, 06/27

文章代碼(AID): #1AHI8r00 (Bugtraq)