Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.4.2, Python versions prior to 1.6.1, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.3 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in the...

Improper Certificate Validation

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...

CVE-2021-40830 Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...