Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36765

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

5.2AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-45388

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

9.1CVSS0.00225EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

7.4CVSS0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 a.m.6 views

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

5.2AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.27 views

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.14 views

CVE-2026-45388

CVE-2026-45388 affects OCaml-TLS before 2.1.0. The TLS 1.3 client path in handshake_client13.ml did not wire into validate_keyusage, allowing a certificate issued for non-server purposes (e.g., clientAuth, codeSigning, emailProtection) to impersonate a TLS server if the EKU/KeyUsage restrictions ...

9.1CVSS5.2AI score0.00225EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 12:0 a.m.12 views

CVE-2026-45389

Summary (OCaml-TLS CVE-2026-45389): OCaml-TLS versions before 2.1.0 fail to properly validate KeyUsage and ExtendedKeyUsage on client certificates during mutual TLS, allowing impersonation with certificates intended for server authentication. The issue arises in the server-side certificate valida...

7.4CVSS5.3AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 1:50 p.m.32 views

OSEC-2026-06 TLS-client (with TLS 1.3) does insufficient certificate checks (missing KeyUsage and ExtendedKeyUsage validation)

The ocaml-TLS 1.3 client does not validate the KeyUsage and ExtendedKeyUsage extensions of the server certificate. This can lead to impersonation with a certificate issued to a client. Scenario Every employee at a major bank carries a smart card. The card holds a clientAuth certificate issued by...

7.4CVSS5.8AI score0.00225EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42202

Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0 Description The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage EKU extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer...

7.4CVSS5.2AI score0.00225EPSS
Exploits1References2
Rows per page
Query Builder