Lucene search

K

Internet Bug Bounty: Silent omission of certificate hostname verification in LibreSSL and BoringSSL

🗓️ 25 Mar 2018 12:24:36Reported by tiranType 
hackerone
 hackerone
🔗 hackerone.com👁 29 Views

Internet Bug Bounty: Silent omission of certificate hostname verification in LibreSSL and BoringSSL. Open SSL 1.0.2 function X509_VERIFY_PARAM_set1_host silently neglected by LibreSSL and BoringSSL, leaving applications vulnerable to MitM attacks

Show more
Related
ReporterTitlePublishedViews
Family
NVD
CVE-2018-8970
24 Mar 201821:29
nvd
Cvelist
CVE-2018-8970
24 Mar 201821:00
cvelist
Prion
Design/Logic Flaw
24 Mar 201821:29
prion
CVE
CVE-2018-8970
24 Mar 201821:29
cve
OSV
libcrypto46-3.3.4-1.2 on GA media
15 Jun 202400:00
osv
Tenable Nessus
openSUSE Security Update : libressl (openSUSE-2018-953)
4 Sep 201800:00
nessus
OpenVAS
openSUSE: Security Advisory for libressl (openSUSE-SU-2018:2597-1)
4 Sep 201800:00
openvas
SUSE Linux
Security update for libressl (moderate)
4 Sep 201800:07
suse

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo