CVE-2011-5242

EUVD-2011-5142
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
themattharristmhoauth
𝑥
≤ 0.60
themattharristmhoauth
0.2
themattharristmhoauth
0.3
themattharristmhoauth
0.4
themattharristmhoauth
0.5
themattharristmhoauth
0.11
themattharristmhoauth
0.12
themattharristmhoauth
0.13
themattharristmhoauth
0.14
themattharristmhoauth
0.51
themattharristmhoauth
0.52
themattharristmhoauth
0.53
themattharristmhoauth
0.54
themattharristmhoauth
0.55
themattharristmhoauth
0.56
themattharristmhoauth
0.57
themattharristmhoauth
0.58
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.unrest.ca/peerjacking
https://github.com/themattharris/tmhOAuth/blob/master/README.md
http://www.unrest.ca/peerjacking
https://github.com/themattharris/tmhOAuth/blob/master/README.md