CVE-2014-2845

Published: 2017-11-15T18:29Z

Last Modified: 2024-11-21T02:07Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt