GnuTLS.Security.Null.Signature.Bypass

description-logoDescription

This indicates an attack attempt to exploit a Security Bypass vulnerability in GnuTLS
Incorrect certificate signature checks in GnuTLS allows an attacker to impersonate as the real server in a SSL protected communication. An attacker could impersonate as a legitimate server with a specially crafted certificate. This can result in a MITM attack.

affected-products-logoAffected Products

Up to GnuTLS 3.1.22 and 3.2.12

Impact logoImpact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

recomended-action-logoRecommended Actions

Update GnuTLS to 3.1.23 and 3.2.x before 3.2.12
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7341

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)