Windows Phone Certificate Validation Vulnerability

Last Update Date: 19 Sep 2012 10:35 Release Date: 19 Sep 2012 4280 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

A vulnerability has been identified in Windows Phone 7,  a remote user can spoof secure e-mail servers in certain cases.

 

The software does not validate Common Name (CN) values of mail server SSL certificates when sending or retrieving email via POP3, IMAP, and SMTP.

 

A remote user with the ability to conduct a man-in-the-middle attack between the target e-mail server and the target phone device can spoof the secure e-mail server to access the encrypted session.

 

NOTE: No official solution is currently available

Impact

  • Spoofing

System / Technologies affected

  • Windows Phone 7

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • NOTE: No official solution is currently available

Vulnerability Identifier

Source

Related Link

Share with

Previous

Novell GroupWise Internet Agent Integer Overflow Vulnerability

17 Sep 2012 4149 Views

Next

Google SketchUp SKP File Processing Vulnerability

20 Sep 2012 4179 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY