mercurial: man-in-the-middle attack
Package(s): mercurial
CVE #(s): CVE-2010-4237
Created: December 7, 2010
Updated: December 8, 2010
Description:
From the Novell bugzilla:
A security flaw was found in the way Mercurial handled the subject
Common Name field of the provided certificate (the check
if the commonName in the received certificate matches the
requested hostname was not performed). An attacker, able
to get a carefully-crafted certificate signed by a Certificate
Authority could use the certificate during a man-in-the-middle
attack and potentially confuse Mercurial into accepting it by
mistake.
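
The missing check, sketched as an added example (not Mercurial's code and not part of the bugzilla text): a hostname comparison over the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, next to the chain-only acceptance the description reports. All function names and sample certificates are constructed for illustration.

```python
# Added example: hostname check over the dict shape returned by
# ssl.SSLSocket.getpeercert(). Names and sample certificates are constructed.

def _dns_name_matches(pattern, hostname):
    """Match one certificate name; '*' is honoured only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and never a bare TLD ("*.com").
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_names(cert):
    """DNS subjectAltName entries if present, otherwise the subject commonName(s)."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def verify_hostname(cert, hostname):
    """Return True only if the validated certificate was issued for `hostname`."""
    if not cert or not hostname:
        return False  # no certificate or no expected name: fail closed
    return any(_dns_name_matches(n, hostname) for n in cert_names(cert))


def chain_only_accepts(cert):
    """The flawed behaviour: any certificate that passed CA validation is accepted."""
    return bool(cert)


# Constructed sample: CA-signed certificate issued for some other host.
OTHER_HOST_CERT = {"subject": ((("commonName", "attacker.example"),),)}
# Constructed sample: certificate for the repository host the client requested.
REPO_CERT = {
    "subject": ((("commonName", "hg.example.org"),),),
    "subjectAltName": (("DNS", "hg.example.org"), ("DNS", "*.hg.example.org")),
}
```
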