Computer Security
[EN] securityvulns.ru no-pyccku


pfSense invalid certificates issue
Published:26.12.2011
Source:
SecurityVulns ID:12113
Type:library
Threat Level:
5/10
Description:All certificates are issued with CA:true flag.
Affected:PFSENSE : pfSense 2.0
CVE:CVE-2011-4197 (etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.)
Original documentdocumentFlorent Daigniere, [MATTA-2011-001] pfSense x509 Insecure Certificate Creation (26.12.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod