High level #vulnerability

Harry Sintonen@infosec.exchange to Cybersecurity@fedia.io · 12 days ago

High level #vulnerability
#CVE_2024_12797 in #OpenSSL:

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don’t abort as expected when the SSL_VERIFY_PEER verification mode is set.

Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients.

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2024-12797

#infosec #cybersecurity #infosecurity

You must log in or register to comment.

Chat

Cybersecurity@fedia.io

cybersecurity@fedia.io

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

50 users / day
233 users / week
653 users / month
1.85K users / 6 months
29 local subscribers
23 subscribers
508 Posts
540 Comments
Modlog