Trillian MSN SSL Certificate Validation Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with Trillian and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow attackers to perform man-in-the-middle attacks. Impact Level: Application

Solution

Upgrade to Cerulean Studios Trillian version 4.2 or later For more info refer, http://www.trillian.im/ NOTE: Ignore this warning, if it's Trillian Pro Edition

Insight

The flaw is due to improper varification of SSL certificate before sending MSN user credentials.

Affected

Cerulean Studios Trillian 3.1 Basic on windows.

References

http://secunia.com/advisories/35620
http://xforce.iss.net/xforce/xfdb/51400

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4831
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Apache /server-status accessible
Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
Apple iTunes Multiple Vulnerabilities - Apr10
Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)

Take action and discover your vulnerabilities