Neon NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Neon is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

This issue affects Neon when compiled against OpenSSL.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Versions prior to Neon 0.28.6 are vulnerable. Additional applications that use the affected library may also be vulnerable.
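
The class of flaw named in the title, shown as an added illustration (this is not code from Neon or OpenSSL): certificate name fields are length-prefixed and may contain a NUL byte, while C string comparisons stop at the first NUL. The `cert_name` struct, the function names and the sample names are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for a length-prefixed certificate name field
 * (ASN.1 strings carry an explicit length and may contain NUL bytes). */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: treats the field as a C string, so the comparison
 * stops at the first NUL and ignores whatever follows it. */
int match_naive(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened pattern: reject any name with an embedded NUL, then compare
 * over the full declared length. */
int match_strict(const struct cert_name *cn, const char *host)
{
    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (strlen(host) != cn->len)
        return 0;
    return strncasecmp((const char *)cn->data, host, cn->len) == 0;
}

/* Constructed sample inputs (not taken from any real certificate). */
static const unsigned char NAME_OK[]  = "www.example.com";
static const unsigned char NAME_NUL[] = "www.example.com\0.other.invalid";

/* Runs one matcher against one sample name for host www.example.com. */
int check_sample(int use_strict, int use_nul_name)
{
    struct cert_name cn;
    cn.data = use_nul_name ? NAME_NUL : NAME_OK;
    /* sizeof counts the array's terminating NUL; exclude it. */
    cn.len  = (use_nul_name ? sizeof NAME_NUL : sizeof NAME_OK) - 1;
    return use_strict ? match_strict(&cn, "www.example.com")
                      : match_naive(&cn, "www.example.com");
}
```

The naive matcher accepts both sample names for `www.example.com`; the strict matcher accepts only the name without an embedded NUL.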


Copyright 2010, SecurityFocus