Name of the Vulnerable Software and Affected Versions HexChat (affected versions not specified)

Description The issue allows a man-in-the-middle attacker to spoof an SSL server if they have a certificate valid for any domain name, due to HexChat not verifying that the server hostname matches the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.