{
  "modified": "2025-08-09T19:01:27Z",
  "published": "2010-10-14T05:58:42Z",
  "id": "CVE-2010-3901",
  "details": "OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.infradead.org/openconnect.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/01/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/02/7"
    }
  ]
}