Vulnerabilities

CVE-2022-25640

by Fred · 23/02/2022

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

Date published : 2022-02-23

https://github.com/wolfSSL/wolfssl/pull/4831

Similar

Tags: Cybersecurity Alert