A security problem was found in peer certificate verification: a failed verification silently did nothing, so the connection proceeded as if the certificate were valid, leaving affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate SSL server applications that validate client certificates by presenting a dummy certificate.
{ "nvd_published_at": "2023-12-12T16:15:07Z", "cwe_ids": [ "CWE-295" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-01-19T17:51:27Z" }