CVE-2010-1802

CVE-2010-1802 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.

Learn more about our Cis Benchmark Audit For Server Software.