Lucene search
GoogleOSV:GHSA-34P9-F4Q3-C4R7HistoryAug 25, 2021 - 8:43 p.m.
Improper Certificate Validation in openssl
2021-08-2520:43:11
Google
osv.dev
12
openssl
certificate validation
insecure defaults
man-in-the-middle
sslconnector
sslacceptor
sslcontext
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks. The problem was addressed in newer versions by enabling certificate verification by default and exposing APIs to perform hostname verification. Use the SslConnector and SslAcceptor types to take advantage of these new features (as opposed to the lower-level SslContext type).
Related
prion
prion
Design/Logic Flaw
2019-08-26 12:15:00
osv
osv
CVE-2016-10931
2019-08-26 12:15:11
SSL/TLS MitM vulnerability due to insecure defaults
2016-11-05 12:00:00
debiancve
debiancve
CVE-2016-10931
2019-08-26 12:15:11
rustsec
rustsec
SSL/TLS MitM vulnerability due to insecure defaults
2016-11-05 12:00:00
cvelist
cvelist
CVE-2016-10931
2019-08-26 12:00:16
nvd
nvd
CVE-2016-10931
2019-08-26 12:15:11
cve
cve
CVE-2016-10931
2019-08-26 12:15:11
ubuntucve
ubuntucve
CVE-2016-10931
2019-08-26 00:00:00
github
github
Improper Certificate Validation in openssl
2021-08-25 20:43:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-1939
2021-07-02 17:38:47