Unrated severityNVD Advisory· Published Oct 14, 2010· Updated Apr 29, 2026

CVE-2010-3901

Description

OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.

Affected products

Infradead/Openconnect5 versions
cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*range: <=2.22
- cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000