{"vuid":"VU#389795","idnumber":"389795","name":"Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.","keywords":["windows phone 7","pop3","smtp","imap","mitm"],"overview":"Windows Phone 7 does not check CN (Common Name) of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL.","clean_desc":"Windows Phone 7 fails to check the CN (Common Name) of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL, allowing an attacker to perform a man-in-the-middle attack between the phone and the mail server.","impact":"A remote attacker with the ability to pose as a man-in-the-middle may be able to view the login or session data in the corresponding protocol (e.g., SMTP, POP3, etc.).","resolution":"Microsoft has acknowledged this vulnerability and stated that they will be releasing an update.","workarounds":"","sysaffected":"","thanks":"Thanks to the reporter that wishes to remain anonymous.","author":"This document was written by Michael Orlando.","public":["http://www.microsoft.com/windowsphone/en-us/default.aspx"],"cveids":["CVE-2012-2993"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-06-15T18:16:35Z","publicdate":"2012-09-17T00:00:00Z","datefirstpublished":"2012-09-17T11:58:34Z","dateupdated":"2012-09-17T11:58:36Z","revision":11,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5.4","cvss_basevector":"AV:N/AC:H/Au:N/C:C/I:N/A:N","cvss_temporalscore":"4.4","cvss_environmentalscore":"4.6","cvss_environmentalvector":"CDP:LM/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}