Lucene search
GoogleOSV:GHSA-9XJR-M6F3-V5WMHistoryAug 25, 2021 - 8:43 p.m.
HTTPS MitM vulnerability due to lack of hostname verification
2021-08-2520:43:06
Google
osv.dev
4
0.001 Low
EPSS
Percentile
28.7%
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests.
This allows an attacker to perform MitM attacks by preventing any valid CA-issued certificate, even if there’s a hostname mismatch.
The problem was addressed by leveraging rust-openssl’s built-in support for hostname verification.
Related
cvelist
cvelist
CVE-2016-10932
2019-08-26 12:01:57
cve
cve
CVE-2016-10932
2019-08-26 13:15:10
github
github
HTTPS MitM vulnerability due to lack of hostname verification
2021-08-25 20:43:06
osv
osv
HTTPS MitM vulnerability due to lack of hostname verification
2016-05-09 12:00:00
CVE-2016-10932
2019-08-26 13:15:10
rustsec
rustsec
HTTPS MitM vulnerability due to lack of hostname verification
2016-05-09 12:00:00
prion
prion
Design/Logic Flaw
2019-08-26 13:15:00
nvd
nvd
CVE-2016-10932
2019-08-26 13:15:10
debiancve
debiancve
CVE-2016-10932
2019-08-26 13:15:10