In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary | en: NVD-CWE-noinfo |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| erlang | erlang\/otp | * | | Application |
| erlang | erlang\/otp | * | | Application |
| erlang | erlang\/otp | * | | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:* |