CVE-2012-5789

Name of the Vulnerable Software and Affected Versions PayPal Payments Standard PHP Library versions before 20120427

Description The issue is related to the intentional disabling of certificate-validation checks, allowing man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. This is because the library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate.

Recommendations For versions before 20120427, update to version 20120427 or later to resolve the issue. As a temporary workaround, consider enabling certificate-validation checks to prevent man-in-the-middle attacks.