2 matches found
Missing hostname validation in Kroxylicious
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
PT-2024-38914 · Unknown · Kroxylicious
Name of the Vulnerable Software and Affected Versions: Kroxylicious affected versions not specified Description: A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's...