Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/02/05 8:43 p.m.23 views

CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering

Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...

8CVSS6.9AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2024/02/05 8:43 p.m.65 views

CVE-2024-1052

Boundary and Boundary Enterprise are affected by CVE-2024-1052: session hijacking via TLS certificate tampering. The issue occurs when an attacker who can enumerate active/pending sessions, obtain a session private key, and possess a valid TOFU token can craft a TLS certificate to hijack an activ...

8CVSS7.8AI score0.00294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/05 8:43 p.m.28 views

CVE-2024-1052 Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering

Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a TLS...

8CVSS8.1AI score0.00294EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/02/05 6:49 p.m.5 views

Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering

Summary Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a...

8CVSS6.8AI score0.00294EPSS
Exploits0Affected Software2
Rows per page
Query Builder