curl: Schannel custom-CA path skips Extended Key Usage enforcement
Hi all, We believe the Schannel custom-CA verification path in lib/vtls/schannelverify.c may skip Extended Key Usage enforcement. In particular, a certificate that chains to the trusted custom CA but contains only id-kp-clientAuth, rather than id-kp-serverAuth, may pass peer verification on Windo...
Understanding Student Experiences with TLS Client Authentication
Mutual TLS (mTLS) provides strong, certificate-based authentication for both clients and servers, yet its adoption for user-facing websites remains rare. This paper presents a longitudinal study of mTLS usability, tracking 46 senior and graduate computer science students who configured client...
EUVD-2026-12745
mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...
Custom certificate activity security vulnerability
Custom Certificate Activity is a dynamically generated and customizable PDF certificate plugin developed by Mark Nelson as an individual developer. Versions of Custom Certificate Activity prior to 4.4.9 and 5.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the...
CVE-2026-27134 Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user authentication
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted...
CVE-2025-9708 Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via a flaw in the certificate validation logic, which accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. An attacker can use this to...
CVE-2022-42784
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions = V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions = V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions = V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions = V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versio...
Unspecified Vulnerability in Siemens LOGO! BM (Base Module) Devices
Siemens LOGO! BM Base Module devices are used for basic small-scale automation tasks. An unspecified vulnerability exists in the Siemens LOGO! BM Base Module device due to the susceptibility of the affected device to electromagnetic fault injection. An attacker could exploit the vulnerability to...
PAN-OS: Panorama session disclosure during context switch into managed device
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacke...
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...
openSUSE Security Update : libgit2 (openSUSE-2017-213)
This update for libgit2 fixes the following issues: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go, an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using...
SSL Custom CA Setup
Configure the loading of the certificate authorities for SSL validation. This will load the Tenable-managed default certificate authorities and allow Nessus users to load custom certificate authorities. Multiple custom CA files are available to help with the management of custom certificate...