Trillian MSN SSL Certificate Validation Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with Trillian and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow attackers to perform man-in-the-middle attacks. Impact Level: Application

Solution

Upgrade to Cerulean Studios Trillian version 4.2 or later For more info refer, http://www.trillian.im/ NOTE: Ignore this warning, if it's Trillian Pro Edition

Insight

The flaw is due to improper varification of SSL certificate before sending MSN user credentials.

Affected

Cerulean Studios Trillian 3.1 Basic on windows.

References

http://secunia.com/advisories/35620
http://xforce.iss.net/xforce/xfdb/51400

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4831

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
Apple Safari libxml Denial of Service Vulnerability
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities