Vulnerability in OpenSSL (CVE-2015-1793)

2015-07-09T00:00:00
ID OPENSSL:CVE-2015-1793
Type openssl
Reporter OpenSSL
Modified 2015-07-09T00:00:00

Description

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. Reported by Adam Langley and David Benjamin (Google/BoringSSL) on 24th June 2015.