Bugtraq mailing list archives
Trillian SSL Certificate Vulnerability
From: Gabriel Menezes Nunes <gab.mnunes () gmail com>
Date: Fri, 26 Jun 2009 10:36:22 -0300
Trillian SSL Certificate Vulnerability I. The Vulnerability Trillian does not check SSL certificate before sending MSN user credentials. An attacker is able to obtain MSN username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in Trillian Basic 3.1. Other versions and/or protocols may also be affected. II. Disclosure Timeline 06/19/2009 - Vendor contact. 06/26/2009 - No answer. Public Disclosure. III. Vendor http://www.ceruleanstudios.com/ IV. Credit Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>
Current thread:
- Trillian SSL Certificate Vulnerability Gabriel Menezes Nunes (Jun 26)
- <Possible follow-ups>
- Re: Trillian SSL Certificate Vulnerability krymson (Jun 26)