26 matches found
POODLE Attack
crypto/tls in github.com/golang/go is vulnerable to the POODLE attack. The vulnerability exists due to the default SSLv3 fallback configuration in crypto/tls...
Man-in-the-Middle (MitM)
github.com/golang/go is vulnerable to man-in-the-middle MitM attack. A malicious user can set up a MitM SMTP server that doesn't advertise STARTTLS and advertises that PLAIN authentication can be used. By doing this, smtp.PlainAuth will send the username and password will be sent to the server...
Untrusted Certificate Validation
crypto/x509 in github.com/golang/go uses untrusted certificates for validation. When used on Darwin, golang will use an untrusted root certificate as if it were trusted when verifying connections...
Missing Certificate Request Signature Validation
crypto/x509 in github.com/golang/go is missing certificate request signature validation. The library does not check the binding of the private key i.e., signature validation to its corresponding entities' certificate...
Cross-site Scripting (XSS)
net/http in github.com/golang/go is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the Error function as a user can control the error message...
HTTP Header Injection
net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...