Описание
Azure IoT SDK Spoofing Vulnerability
A spoofing vulnerability exists for the C# and Java SDKs in the Azure IoT Device Provisioning AMQP Transport library which improperly validates certificates over the AMQP protocol. The same vulnerability exists for the C SDK in the Azure IoT Device library running on Windows devices. An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process.
To exploit this vulnerability, an attacker would need to perform a man-in-the-middle (MitM) attack on the network that provisioning was taking place.
This security update addresses the vulnerability by correcting how the AMQP Transport library validates certificates.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| C# SDK for Azure IoT | ||
| C SDK for Azure IoT | ||
| Java SDK for Azure IoT |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.
EPSS