• info
• discussion
• exploit
• solution
• references

Ruby Net::HTTP SSL Insecure Certificate Validation Weakness

Specific exploit code is not required; attackers may use readily available man-in-the-middle network attack utilities.