Описание
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.
This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
Ссылки
EPSS
Процентиль: 1%
0.00012
Низкий
7.4 High
CVSS3
Дефекты
CWE-328
Связанные уязвимости
CVSS3: 7.4
github
8 месяцев назад
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
EPSS
Процентиль: 1%
0.00012
Низкий
7.4 High
CVSS3
Дефекты
CWE-328