Vulnerabilities

CVE-2020-7043

by Fred · 27/02/2020

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider ‘’ characters, as demonstrated by a good.example.comx00evil.example.com attack.

Date published : 2020-02-27

https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/

Similar

Tags: Cybersecurity Alert