4 matches found
PYSEC-2026-575 wolfSSL Python module vulnerable to Improper Authentication
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
GHSA-4JQP-9QJV-57M2 Keylime Missing Authentication for Critical Function and Improper Authentication
Impact The Keylime registrar does not enforce mutual TLS mTLS client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERTOPTIONAL instead of ssl.CERTREQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...
PT-2026-1769
Name of the Vulnerable Software and Affected Versions wolfssl-py versions up to and including 5.8.2 Description A flaw exists in the handling of verify mode = CERT REQUIRED within the wolfssl Python package wolfssl-py. The absence of the WOLFSSL VERIFY FAIL IF NO PEER CERT flag causes the softwar...
Exploit for SQL Injection in Microsoft
Microsoft Configuration Manager ConfigMgr / SCCM 2403 Unauth...