7 matches found
curl: curl GnuTLS backend accepts a clientAuth-only certificate for HTTPS server authentication
Summary: When curl/libcurl is built with the GnuTLS backend, the current HTTPS server-certificate validation path verifies the trust chain and hostname but does not enforce TLS server Extended Key Usage semantics. As a result, a leaf certificate that chains to a trusted CA, matches the requested...
DragonFly's manager generates mTLS certificates for arbitrary IP addresses
A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the pee...
Authentication flaw
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates, which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI...
Security Bulletin: Multiple vulnerabilities in IBM MQ Appliance (CVE-2020-4025 and CVE-2020-4203)
Summary: IBM MQ Appliance has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2020-4205. DESCRIPTION: IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after...
CVE-2020-4205
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961...
Multiple F5 products apache_auth_token_mod and mod_auth_f5_auth_token.cpp Apache module brute force vulnerability
F5 BIG-IP LTM and so on are products of F5 Corporation of the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. apache_auth_token_mod and mod_auth_f5_auth_token.cpp are among the modules. apache_auth_token_mod is an antitrust module...
openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)
Update to 1.2. New features: Signed JNLP support; Support for client authentication certificates; Cache size enforcement now supported via itweb-settings; Applet parameter passing through JNLP files now supported; Better icons for access warning dialog; Security Dialog UI revamped to...