Логотип exploitDog
bind:"CVE-2024-12797"
Консоль
Логотип exploitDog

exploitDog

bind:"CVE-2024-12797"

Количество 10

Количество 10

ubuntu логотип

CVE-2024-12797

6 месяцев назад

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that ...

CVSS3: 6.3
EPSS: Низкий
redhat логотип

CVE-2024-12797

6 месяцев назад

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that ...

CVSS3: 7.4
EPSS: Низкий
nvd логотип

CVE-2024-12797

6 месяцев назад

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that

CVSS3: 6.3
EPSS: Низкий
msrc логотип

CVE-2024-12797

6 месяцев назад

CVSS3: 6.3
EPSS: Низкий
debian логотип

CVE-2024-12797

6 месяцев назад

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authent ...

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-79v4-65xg-pq4g

6 месяцев назад

Vulnerable OpenSSL included in cryptography wheels

EPSS: Низкий
oracle-oval логотип

ELSA-2025-1330

6 месяцев назад

ELSA-2025-1330: openssl security update (IMPORTANT)

EPSS: Низкий
fstec логотип

BDU:2025-01602

6 месяцев назад

Уязвимость режима SSL_VERIFY_PEER криптографической библиотеки OpenSSL, позволяющая нарушителю реализовать атаку типа «человек-посередине»

CVSS3: 7.3
EPSS: Низкий
redos логотип

ROS-20250226-16

6 месяцев назад

Уязвимость openssl3

CVSS3: 7.3
EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02042-1

около 2 месяцев назад

Security update for openssl-3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that ...

CVSS3: 6.3
0%
Низкий
6 месяцев назад
redhat логотип
CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that ...

CVSS3: 7.4
0%
Низкий
6 месяцев назад
nvd логотип
CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that

CVSS3: 6.3
0%
Низкий
6 месяцев назад
msrc логотип
CVSS3: 6.3
0%
Низкий
6 месяцев назад
debian логотип
CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authent ...

CVSS3: 6.3
0%
Низкий
6 месяцев назад
github логотип
GHSA-79v4-65xg-pq4g

Vulnerable OpenSSL included in cryptography wheels

0%
Низкий
6 месяцев назад
oracle-oval логотип
ELSA-2025-1330

ELSA-2025-1330: openssl security update (IMPORTANT)

6 месяцев назад
fstec логотип
BDU:2025-01602

Уязвимость режима SSL_VERIFY_PEER криптографической библиотеки OpenSSL, позволяющая нарушителю реализовать атаку типа «человек-посередине»

CVSS3: 7.3
0%
Низкий
6 месяцев назад
redos логотип
ROS-20250226-16

Уязвимость openssl3

CVSS3: 7.3
0%
Низкий
6 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:02042-1

Security update for openssl-3

около 2 месяцев назад

Уязвимостей на страницу