Lack of TLS Certificate Warning in Geary before 0.6.3 Allows for Man-in-the-Middle Attacks

Lack of TLS Certificate Warning in Geary before 0.6.3 Allows for Man-in-the-Middle Attacks

CVE-2014-5444 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

Learn more about our User Device Pen Test.