11 matches found
Non-CA certificate accepted as intermediate issuer in public_key path validation
...
SUSE CVE-2026-42789
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...
EUVD-2026-32272
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...
CVE-2026-42789
The CVE-2026-42789 entry documents a vulnerability in Erlang OTP public_key (pubkey_cert module): a certificate with basicConstraints cA:false and no keyUsage can be misused as an intermediate issuer during pkix_path_validation, enabling chain forgery. Two flaws in pubkey_cert:validate_extensions...
GHSA-6C5R-4WFC-3MCX Hashicorp Vault has Incorrect Validation for Non-CA Certificates
Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCredentials. An attacker can impersonate a trusted client by crafting a malicious certificate when a non-CA certificate is used as a trusted certificate. Remediation Upgrade...
CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates
Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...
GO-2024-2617 Authentication bypass in github.com/hashicorp/vault
The TLS certificate authentication method incorrectly validates client certificates when configured with a non-CA certificate as a trusted certificate. When configured this way, attackers may be able to craft a certificate that can be used to bypass authentication...
CVE-2011-0228
Affected software: Apple iOS prior to 4.2.10 and 4.3.x prior to 4.3.5. Vulnerability: The Data Security component does not check the basicConstraints parameter when validating X.509 certificate chains, allowing a non-CA certificate to sign a certificate for any domain. This enables a man-in-the-m...
CVE-2011-0228
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...