PT-2005-1316 · Omni · Omniweb

Eric Johanson · Published 2005-02-07 · Updated 2017-07-11 · CVE-2005-0236

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Omniweb version 5

Description

The issue concerns International Domain Name (IDN) support, which allows remote attackers to spoof domain names. Punycode-encoded domain names are decoded in URLs and SSL certificates, so homograph characters from other character sets can be used to imitate a legitimate name. This facilitates phishing attacks.

Recommendations

For Omniweb version 5, consider disabling IDN support as a temporary workaround until a patch is available. Restrict access to URLs and SSL certificates that use punycode-encoded domain names to minimize the risk of exploitation.
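
One way to apply the restriction above, as an added example that is not part of the original advisory: a Python check that finds punycode (xn--) labels in a hostname, decodes them, and reports when the decoded label mixes scripts. The function names, the coarse script heuristic and the sample hostname are assumptions constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Coarse script guess from the Unicode character name (heuristic, an assumption)."""
    if ch.isascii():
        # Digits and hyphens are script-neutral; ASCII letters are Latin.
        return "LATIN" if ch.isalpha() else None
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def inspect_host(host):
    """Return one finding per punycode (xn--) label found in host."""
    findings = []
    for label in host.lower().rstrip(".").split("."):
        if not label.startswith("xn--"):
            continue
        try:
            decoded = label[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError is a subclass of ValueError
            findings.append({"label": label, "decoded": None,
                             "scripts": [], "reason": "invalid punycode"})
            continue
        scripts = sorted({s for s in map(script_of, decoded) if s})
        reason = "mixed scripts" if len(scripts) > 1 else "non-ASCII label"
        findings.append({"label": label, "decoded": decoded,
                         "scripts": scripts, "reason": reason})
    return findings

# Constructed sample: a label that swaps Latin "a" for Cyrillic U+0430,
# built with the punycode codec so no hand-written encoding is needed.
SAMPLE_LABEL = "xn--" + "p\u0430ypal".encode("punycode").decode("ascii")
SAMPLE_HOST = SAMPLE_LABEL + ".example"

if __name__ == "__main__":
    for host in (SAMPLE_HOST, "www.example.org"):
        hits = inspect_host(host)
        if not hits:
            print(f"{host}: no punycode labels")
        for f in hits:
            print(f"{host}: {f['label']} -> {f['decoded']!r} "
                  f"scripts={f['scripts']} ({f['reason']})")
```

A proxy or mail filter can block or warn on any hostname for which `inspect_host` returns a finding, treating "mixed scripts" as the higher-severity case.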


Related identifiers

CVE-2005-0236

Affected products

Omniweb