DSA-3967-1 mbedtls -- mbedtlsID: oval:org.secpod.oval:def:603092 | Date: (C)2017-09-11 (M)2023-04-19 |
Class: PATCH | Family: unix |
An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as "optional". A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.
Product: |
libmbedtls-doc |
libmbedtls-dev |
libmbedtls10 |
libmbedcrypto0 |
libmbedx509-0 |