Vigil@nce - Windows Phone 7: not checking the Common Name
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
The Windows Phone 7 messaging client does not check the Common
Name field of the X.509 certificate sent by the server, so an
attacker can use a man-in-the-middle without being detected.
Impacted products: Windows Phone
Severity: 2/4
Creation date: 18/09/2012
DESCRIPTION OF THE VULNERABILITY
The Windows Phone 7 system contains a messaging client to connect
to POP3, IMAP or SMTP servers.
Sessions can be encrypted by SSL/TLS. In this case, the server
sends an X.509 certificate. The Common Name field has to be the
same as the server name.
However, if the Common Name field is for another site, Windows
Phone 7 accepts it.
The Windows Phone 7 messaging client therefore does not check the
Common Name field of the X.509 certificate sent by the server, so
an attacker can use a man-in-the-middle without being detected.
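The check the description says is missing, shown as an added example that is not part of the Vigil@nce bulletin: a defender-side hostname match over certificate data in the dict shape Python's ssl.SSLSocket.getpeercert() returns (sample certificates constructed here), plus the TLS context a Python mail client should pass to imaplib/poplib/smtplib so the library enforces the same check. The matching is a simplified RFC 6125-style check (SAN DNS names first, subject CN only as legacy fallback, wildcard honoured only as the whole leftmost label), not the Windows Phone code.

```python
import ssl
from typing import Iterable, List

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns.
CERT_FOR_MAIL_EXAMPLE_COM = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "imap.example.org"),),)}


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS-ID match; '*' counts only as the entire leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse wildcards that would cover a whole TLD ("*.com") and match the rest.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def _cert_names(cert: dict) -> List[str]:
    """Names the certificate is valid for: SAN DNS entries, else the subject CN (legacy)."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ()) for key, value in rdn if key == "commonName"]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """The check the bulletin reports as skipped: is this certificate issued for the server we dialed?"""
    return any(_dns_name_matches(name, hostname) for name in _cert_names(cert))


def mail_client_context() -> ssl.SSLContext:
    """Hardened context for imaplib.IMAP4_SSL / poplib.POP3_SSL / smtplib.SMTP_SSL (ssl_context=...)."""
    ctx = ssl.create_default_context()   # system trust store, chain validation on
    ctx.check_hostname = True            # reject a certificate issued for another site
    ctx.verify_mode = ssl.CERT_REQUIRED  # a missing or untrusted certificate is fatal
    return ctx
```

A certificate for mail.example.com presented by a server you connected to as imap.example.org is rejected by hostname_matches(), which is exactly the man-in-the-middle case the bulletin describes.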
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-Phone-7-not-checking-the-Common-Name-11954