CVE-2007-6746

Name of the Vulnerable Software and Affected Versions telepathy-idle versions prior to 0.1.15

Description The issue arises from inadequate verification of X.509 certificates. Specifically, it does not check (1) if the issuer is a trusted Certificate Authority (CA), (2) if the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the certificate. This oversight allows man-in-the-middle attackers to spoof SSL servers by using any valid certificate.

Recommendations For versions prior to 0.1.15, update to version 0.1.15 or later to resolve the issue.