CVE-2011-5242

Name of the Vulnerable Software and Affected Versions tmhOAuth versions prior to 0.61

Description The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because it does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate.

Recommendations For versions prior to 0.61, update to version 0.61 or later to resolve the issue. As a temporary workaround, consider verifying the server hostname manually to ensure it matches the domain name in the certificate. Restrict access to sensitive operations until the update is applied to minimize the risk of exploitation.