KDE / Konqueror Embedded Common Name Certificate Validation Vulnerability

The Konqueror Embedded web browser fails to correctly validate the Common Name (CN) field of X.509 certificates when an SSL/TLS session is negotiated. The browser fails to detect cases where the CN doesn't match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server.

The non-embedded Konqueror distribution is reportedly not affected by this issue.
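
The check whose absence is described above, sketched as an added example (this is not Konqueror code): a TLS client compares the hostname it requested against the names in the server certificate and refuses the session on mismatch. The function names are hypothetical, the names are assumed to be already extracted from the certificate as ASCII DNS strings, and the wildcard handling goes beyond the plain CN mismatch the advisory mentions.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Lower-case an ASCII DNS name and drop one trailing dot ("host." == "host").
static std::string normalize(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!s.empty() && s.back() == '.') s.pop_back();
    return s;
}

// Hypothetical helper: does one certificate name (CN) cover the requested host?
// A wildcard counts only as the whole leftmost label ("*.example.com"), matches
// exactly one label, and never applies to IP-literal hosts.
bool nameMatchesHost(const std::string& certName, const std::string& host) {
    const std::string name = normalize(certName);
    const std::string h = normalize(host);
    if (name.empty() || h.empty()) return false;
    if (name.compare(0, 2, "*.") != 0)                      // no leading wildcard
        return name.find('*') == std::string::npos && name == h;
    const std::string suffix = name.substr(1);              // ".example.com"
    if (suffix.find('*') != std::string::npos) return false;
    if (suffix.find('.', 1) == std::string::npos) return false;   // reject "*.com"
    if (h.find_first_not_of("0123456789.") == std::string::npos) return false;
    const std::size_t dot = h.find('.');
    if (dot == std::string::npos || dot == 0) return false;
    return h.substr(dot) == suffix;
}

// The session may proceed only if at least one certificate name matches.
bool certificateCoversHost(const std::vector<std::string>& certNames,
                           const std::string& host) {
    return std::any_of(certNames.begin(), certNames.end(),
                       [&](const std::string& n) { return nameMatchesHost(n, host); });
}

int main() {
    // Constructed sample: CN values as they might be read from a server certificate.
    const std::vector<std::string> names = {"www.example.com"};
    std::cout << certificateCoversHost(names, "www.example.com") << '\n';    // match
    std::cout << certificateCoversHost(names, "www.attacker.test") << '\n';  // mismatch
    return 0;
}
```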


 

Copyright 2010, SecurityFocus