← back
CVE-2010-3901

CVE-2010-3901

EPSS 0.6%
OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.infradead.org/openconnect.htmlhttp://www.openwall.com/lists/oss-security/2010/08/01/1http://www.openwall.com/lists/oss-security/2010/08/02/7