aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
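
The missing check, sketched in Python as an added example (not aMSN's code): the name the client dialed is compared against the certificate's DNS Subject Alternative Names, falling back to the CN only when no DNS SAN is present. The function names and sample certificates are constructed for illustration; the certificate layout is the dict returned by `ssl.SSLSocket.getpeercert()`.

```python
import ssl

def _name_match(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # A wildcard replaces exactly one whole left-most label and must be
        # followed by at least two fixed labels (so "*.com" never matches).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "f*.example.net" are refused outright.
    return "*" not in pattern and p_labels == h_labels

def hostname_matches(cert: dict, hostname: str) -> bool:
    """True only if the certificate was issued for the host we connected to."""
    dns_sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_sans:
        # When DNS SAN entries exist, the CN is ignored.
        return any(_name_match(p, hostname) for p in dns_sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_name_match(p, hostname) for p in cns)

def client_context() -> ssl.SSLContext:
    # The standard-library default enables both chain validation and the
    # hostname check, so a client using it gets this comparison for free.
    return ssl.create_default_context()

# Constructed sample certificates (not real ones).
SERVER_CERT = {
    "subject": ((("commonName", "login.example.net"),),),
    "subjectAltName": (("DNS", "login.example.net"),
                       ("DNS", "*.msg.example.net")),
}
# A certificate that may chain to a trusted CA but names a different host.
OTHER_CERT = {"subject": ((("commonName", "other.example.org"),),)}

if __name__ == "__main__":
    for cert in (SERVER_CERT, OTHER_CERT):
        print(hostname_matches(cert, "login.example.net"))
```

A client that validates only the certificate chain accepts `OTHER_CERT` for `login.example.net`; the comparison above is what rejects it.
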
Name | Vendor | Start Version | End Version |
---|---|---|---|
Alvaros_messenger | Alvaro | * | 0.98.3 (including) |
Alvaros_messenger | Alvaro | 0.83 (including) | 0.83 (including) |
Alvaros_messenger | Alvaro | 0.90 (including) | 0.90 (including) |
Alvaros_messenger | Alvaro | 0.91 (including) | 0.91 (including) |
Alvaros_messenger | Alvaro | 0.92 (including) | 0.92 (including) |
Alvaros_messenger | Alvaro | 0.93 (including) | 0.93 (including) |
Alvaros_messenger | Alvaro | 0.94 (including) | 0.94 (including) |
Alvaros_messenger | Alvaro | 0.95 (including) | 0.95 (including) |
Alvaros_messenger | Alvaro | 0.96 (including) | 0.96 (including) |
Alvaros_messenger | Alvaro | 0.97 (including) | 0.97 (including) |
Amsn | Ubuntu | dapper | * |
Amsn | Ubuntu | hardy | * |
Amsn | Ubuntu | intrepid | * |
Amsn | Ubuntu | jaunty | * |
Amsn | Ubuntu | karmic | * |
Amsn | Ubuntu | lucid | * |
Amsn | Ubuntu | maverick | * |
Amsn | Ubuntu | upstream | * |