9 matches found
CVE-2024-1052
Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...
CVE-2024-1052
Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...
CVE-2024-1052
Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...
Session fixation
Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...
CVE-2024-1052
Boundary and Boundary Enterprise are affected by CVE-2024-1052: session hijacking via TLS certificate tampering. The issue occurs when an attacker who can enumerate active/pending sessions, obtain a session private key, and possess a valid TOFU token can craft a TLS certificate to hijack an activ...
CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...
CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...
HashiCorp Boundary Security Vulnerability
HashiCorp Boundary is an open source solution from the US-based HashiCorp Inc. It automates secure identity-based user access to hosts and services across environments. A security vulnerability exists in HashiCorp Boundary and Boundary Enterprise versions prior to 0.15.0 that stems from...
SUSE CVE-2019-1552
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...