PT-2007-1001 · Cerulean Studios · Trillian

Published

2007-04-10

Updated

2022-02-07

CVE-2009-4831

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Cerulean Studios Trillian version 3.1 Basic

Description: The issue arises from the lack of SSL certificate checks during MSN authentication, allowing remote attackers to exploit this and obtain MSN credentials through a man-in-the-middle attack using a spoofed SSL certificate.

Recommendations: For Cerulean Studios Trillian version 3.1 Basic, consider disabling MSN authentication until a patch is available that includes proper SSL certificate checks to prevent man-in-the-middle attacks.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

BDU:2015-00721

CVE-2009-4831

Affected Products

Trillian

PT-2007-1001 · Cerulean Studios · Trillian

CVE-2009-4831

Weakness Enumeration

Related Identifiers

Affected Products

References · 8