Domain Name Verification Bypass in Microsoft Windows Phone 7

Domain Name Verification Bypass in Microsoft Windows Phone 7

CVE-2012-2993 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.

Learn more about our Cis Benchmark Audit For Server Software.