CVE-2007-6591

Name of the Vulnerable Software and Affected Versions KDE Konqueror versions 3.5.5 through 3.95.00

Description The issue allows remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. This occurs when a user accepts an SSL server certificate based on the CN domain name in the DN field, and the certificate is then regarded as accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product.

Recommendations For KDE Konqueror versions 3.5.5 through 3.95.00, consider disabling the automatic acceptance of SSL server certificates based on the CN domain name in the DN field until a patch is available. Restrict access to sensitive web sites to minimize the risk of exploitation.