AI Score
Confidence
High
EPSS
Percentile
51.7%
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
secunia.com/advisories/62604
www.openwall.com/lists/oss-security/2014/04/18/2