VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 20, 2010· Updated Apr 29, 2026

CVE-2010-0744

CVE-2010-0744

Description

aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.

Affected products

10
  • Alvaro/Alvaros Messenger10 versions
    cpe:2.3:a:alvaro:alvaros_messenger:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:alvaro:alvaros_messenger:*:*:*:*:*:*:*:*range: <=0.98.3
    • cpe:2.3:a:alvaro:alvaros_messenger:0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.90:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.91:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.92:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.93:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.94:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.95:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.96:*:*:*:*:*:*:*
    • cpe:2.3:a:alvaro:alvaros_messenger:0.97:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

15

News mentions

0

No linked articles in our index yet.