CVE-2012-5811

UNKNOWN

The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X

Published Nov 4, 2012

Modified 1 years ago

Details

The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

WEB

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2012-5811

CVSS Analysis

CVSS v2.0

5.8

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

NoneA:N

5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N

Ecosystems

Timeline

PublishedNov 4, 2012

ModifiedSep 17, 2024