The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pidgin | Pidgin | 2.4.3 (including) | 2.4.3 (including) |