Qt 'QSslSocket::sslErrors()' Certificate Validation Security Weakness

Qt is prone to a security weakness related to verification of SSL certificates.

Successfully exploiting this issue results in users having a false sense of security which may aid attackers in phishing-style attacks by bypassing security warnings when invalid certificates are used in SSL HTTP connections.

Qt 4.8.4 and prior versions are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus