GnuTLS.Security.Null.Signature.Bypass
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in GnuTLS
Incorrect certificate signature checks in GnuTLS allows an attacker to impersonate as the real server in a SSL protected communication. An attacker could impersonate as a legitimate server with a specially crafted certificate. This can result in a MITM attack.
Affected Products
Up to GnuTLS 3.1.22 and 3.2.12
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Update GnuTLS to 3.1.23 and 3.2.x before 3.2.12
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7341
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |