366 matches found
Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via...
PT-2026-44132
Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via $...
ROS-20260527-73-0003
Vulnerability in openbao related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...
Astra Linux - уязвимость в postgresql-11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...
Unity Linux 20.1070e Security Update: postgresql (UTSA-2026-017752)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017752 advisory. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...
Astra Linux - уязвимость в pgbouncer
When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1...
Astra Linux - уязвимость в tomcat9
CLIENTCERT authentication does not fail as expected in some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: versions from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, and from 9.0.92 through 9.0.116. Users are recommended to...
ROS-20260430-73-0008
Vulnerability in golang related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...
ROS-20260430-73-0016
Vulnerability in golang related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...
CVE-2026-41081
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...
CVE-2026-41081 Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...
CVE-2026-41081
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...
CLEANSTART-2026-IS05941 CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native
Multiple security vulnerabilities affect the thingsboard package. CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. See references for individual vulnerability details...
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
Background OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Token renewals for other authentication methods do not require any supplied login...
GHSA-7CCV-RP6M-RFFR OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
Background OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Token renewals for other authentication methods do not require any supplied login...
EUVD-2026-24029
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate...
CVE-2026-39388
A flaw was found in OpenBao, an open source identity-based secrets management system. When renewing tokens using the Certificate authentication method with disablebinding=true, the system incorrectly verifies the presented mTLS mutual Transport Layer Security certificate. This vulnerability allow...
CVE-2026-39388
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
CVE-2026-39388 OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
CVE-2026-39388
OpenBao (open source identity-based secrets management) prior to version 2.5.3 contains a flaw in the Certificate authentication method: when a token renewal is requested with disable_binding=true, the system attempts to verify that the presented mTLS certificate matches the original. Due to inco...