Ximian Evolution SSL Man-In-The-Middle Vulnerability

info
discussion
exploit
solution
references

Ximian Evolution SSL Man-In-The-Middle Vulnerability

A vulnerability has been discovered in Ximian Evolution's camel component.

Evolution's camel component fails to re-authenticate previously accepted SSL certificates when re-establishing a connection.

Exploitation of this issue potentially allows for an attacker to inject a maliciously constructed certificate, which the camel component will accept as authentic. By doing so, an intruder could intercept and modify SSL traffic.