Vigil@nce - cURL: incorrect certificate check via SChannel/Winssl
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can deceive Windows cURL users with the
SChannel/Winssl backend, in order to trigger a Man-in-the-Middle.
Impacted products: cURL, Slackware
Severity: 2/4
Creation date: 17/03/2014
Revision date: 18/03/2014
DESCRIPTION OF THE VULNERABILITY
The cURL product can be installed on Windows, with the
SChannel/Winssl SSL backend.
The cURL client can access to a SSL server by using its IP
address, or by using its domain name.
However, when the SChannel/Winssl backend is used, and when cURL
connects to a server using its IP address, it does not validate
the server certificate.
An attacker can therefore deceive Windows cURL users with the
SChannel/Winssl backend, in order to trigger a Man-in-the-Middle.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/cURL-incorrect-certificate-check-via-SChannel-Winssl-14437