Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:23694
HistoryApr 10, 2020 - 12:33 a.m.

Man-in-the-Middle (MitM)

2020-04-1000:33:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15

EPSS

0.003

Percentile

65.2%

Netscape Portable Runtime (NSPR) is susceptible to Man-in-the-Middle (MitM) attack. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake.

References