BlackBerry 4.x Dialog Box Certificate Mismatch
Medium Nessus Network Monitor Plugin ID 5189
Synopsis
The remote host is affected by a certificate mismatch vulnerability.
Description
The included browser in versions of BlackBerry OS 4.5.0 before 22.214.171.124, 4.6.0 before 126.96.36.1993, 4.6.1 before 188.8.131.529, 4.7.0 before 184.108.40.206, and 4.7.1 before 220.127.116.11 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to deceive a user into believing they are accessing a trusted site.
Solution
Upgrade the BlackBerry to 18.104.22.168, or later. If 4.7.x cannot be installed, versions 22.214.171.124, 126.96.36.1993, 188.8.131.529, and 184.108.40.206 are also patched for this vulnerability.
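The check below is an added example, not code from the plugin or from BlackBerry. It shows why a CN containing '\0' or other non-rendering characters reads as a trusted name to NUL-terminated string handling, and how a length-aware check rejects it. The function names and the sample CN are constructed for illustration, and wildcard matching is out of scope.

```python
import unicodedata

# Unicode categories that do not render visibly: control, format,
# line separator, paragraph separator.
HIDDEN_CATEGORIES = {"Cc", "Cf", "Zl", "Zp"}

# Constructed sample: a CN with an embedded NUL after the trusted-looking name.
SAMPLE_CN = "trusted.example\x00.untrusted.example"


def c_string_view(cn: str) -> str:
    """What NUL-terminated string handling sees: the text before the first '\\0'."""
    return cn.split("\x00", 1)[0]


def hidden_characters(cn: str) -> list:
    """Return (index, code point) for every character that will not be displayed."""
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(cn)
            if unicodedata.category(ch) in HIDDEN_CATEGORIES]


def naive_match(host: str, cn: str) -> bool:
    """Flawed comparison: compares the host against the truncated view of the CN."""
    return host.lower() == c_string_view(cn).lower()


def strict_match(host: str, cn: str) -> bool:
    """Length-aware comparison: reject any CN with hidden characters,
    then compare the full value."""
    if hidden_characters(cn):
        return False
    return host.lower() == cn.lower()


def audit_cn(host: str, cn: str) -> dict:
    """Summarise how a CN is displayed, what it hides, and both match results."""
    return {
        "displayed_as": c_string_view(cn),
        "full_length": len(cn),
        "hidden": hidden_characters(cn),
        "naive_match": naive_match(host, cn),
        "strict_match": strict_match(host, cn),
    }


if __name__ == "__main__":
    print(audit_cn("trusted.example", SAMPLE_CN))
```

A CN for which `naive_match` is true and `strict_match` is false is the mismatch described above: the name shown to the user differs from the full value in the certificate.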