MOABI : Continuous Software Improvement

CVE-2009-4833
Description	MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate.
Impact	CVSS v2 : 5.8 MEDIUM
Type	CWE-20
Attack Vector	CVSSv2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://bugs.mysql.com/bug.php?id=38700 http://secunia.com/advisories/35604 http://www.securityfocus.com/bid/35514 http://www.securitytracker.com/id?1022482 https://exchange.xforce.ibmcloud.com/vulnerabilities/51406