Lucene search
RustsecRUSTSEC-2016-0001HistoryNov 05, 2016 - 12:00 p.m.
SSL/TLS MitM vulnerability due to insecure defaults
2016-11-0512:00:00
rustsec.org
13
EPSS
0.001
Percentile
43.8%
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults
including off-by-default certificate verification and no API to perform hostname
verification.
Unless configured correctly by a developer, these defaults could allow an attacker
to perform man-in-the-middle attacks.
The problem was addressed in newer versions by enabling certificate verification
by default and exposing APIs to perform hostname verification. Use the
SslConnector and SslAcceptor types to take advantage of these new features
(as opposed to the lower-level SslContext type).
Related
osv
osv
SSL/TLS MitM vulnerability due to insecure defaults
2016-11-05 12:00:00
CVE-2016-10931
2019-08-26 12:15:11
Improper Certificate Validation in openssl
2021-08-25 20:43:11
cvelist
cvelist
CVE-2016-10931
2019-08-26 12:00:16
prion
prion
Design/Logic Flaw
2019-08-26 12:15:00
debiancve
debiancve
CVE-2016-10931
2019-08-26 12:15:11
nvd
nvd
CVE-2016-10931
2019-08-26 12:15:11
cve
cve
CVE-2016-10931
2019-08-26 12:15:11
ubuntucve
ubuntucve
CVE-2016-10931
2019-08-26 00:00:00
github
github
Improper Certificate Validation in openssl
2021-08-25 20:43:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-1939
2021-07-02 17:38:47