Vigil@nce - GnuTLS: Man-in-the-Middle via OCSP Responses
November 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a man-in-the-middle against GnuTLS via OCSP
responses, in order to read or write data in the session.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 14/09/2016.
DESCRIPTION OF THE VULNERABILITY
GnuTLS implements the TLS protocol in order to create secure
sessions.
However, the X.509 certificate and the service identity are not
correctly checked.
An attacker can therefore act as a man-in-the-middle against GnuTLS
via OCSP responses, in order to read or write data in the session.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/GnuTLS-Man-in-the-Middle-via-OCSP-Responses-20605