Xchat · Xchat · CVE-2013-7449
**Name of the Vulnerable Software and Affected Versions**
HexChat versions prior to 2.10.2
XChat (affected versions not specified)
XChat-GNOME (affected versions not specified)
**Description**
The `ssl_do_connect` function in `common/server.c` does not verify that the server hostname matches a domain name in the X.509 certificate. This allows attackers to spoof SSL servers via an arbitrary valid certificate, enabling man-in-the-middle attacks.
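The missing check, sketched as an added example (not HexChat's patch or code from the affected projects): once the chain validates, the names in the certificate still have to be compared with the host the user asked for. `cert_covers_host`, `name_matches`, `eq_nocase` and `SAMPLE_NAMES` are hypothetical names, and the certificate's names are assumed to be already extracted as C strings.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive equality for ASCII DNS names. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;                 /* equal only if both strings ended */
}

/* One certificate name against the requested host. A wildcard counts only
 * as the whole left-most label and stands for exactly one label. */
static int name_matches(const char *pattern, const char *host)
{
    const char *suffix, *dot;

    if (strncmp(pattern, "*.", 2) != 0)
        return eq_nocase(pattern, host);
    suffix = pattern + 1;            /* ".example.org" */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;                    /* refuse "*.org"-style patterns */
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;                    /* host needs a non-empty first label */
    return eq_nocase(dot, suffix);
}

/* 1 if any name in the certificate covers host, else 0. names[] stands in
 * for the dNSName entries a TLS library would hand back (assumption). */
int cert_covers_host(const char *const names[], size_t n, const char *host)
{
    size_t i;

    if (host == NULL || *host == '\0')
        return 0;
    for (i = 0; i < n; i++)
        if (names[i] != NULL && name_matches(names[i], host))
            return 1;
    return 0;
}

/* Constructed sample: names from a CA-issued certificate for another host. */
const char *const SAMPLE_NAMES[] = { "irc.example.org", "*.chat.example.org" };
```

A client that skips this comparison accepts the sample certificate for `irc.example.net` because the chain alone is valid. In production code, use the TLS library's own check (for OpenSSL 1.0.2 and later, `X509_check_host`) rather than a hand-written matcher.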
**Recommendations**
For HexChat versions prior to 2.10.2, update to version 2.10.2 or later.
For XChat and XChat-GNOME, there is currently no information about a newer version that contains a fix for this vulnerability.