5 matches found
CVE-2020-15134
In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...
CVE-2020-15133
CVE-2020-15133 affects the faye-websocket library prior to 0.11.0. The issue is a lack of certificate verification in TLS handshakes: Faye::WebSocket::Client uses EM::Connection#start_tls for wss: connections and does not validate the server’s TLS certificate by default, enabling potential man-in...
GHSA-3Q49-H8F9-9FR9 Missing TLS certificate verification
Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by...
Telnet Service START_TLS Support
The remote Telnet service supports the use of a 'START_TLS' option to switch from a cleartext to an encrypted communications channel. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(51890); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date",...
pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup
pam_ldap/nss_ldap fail to re-start TLS when following referred connections. This can result in credentials being sent in clear text when pam_ldap/nss_ldap attempt to rebind. This affects any LDAP infrastructure which can generate referrals during NSS or PAM operations, generally a master+slave LDAP...