Microsoft: >> Windows Phone 7 Firmware Security Vulnerabilities
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
CVSS Score
5.9
EPSS Score
0.067
Published
2012-09-18