Insecure X.509 Certificate Creation in pfSense by Netgate
CVE-2011-4197

Currently unrated

Key Information:

Vendor: pfSense

Status
Vendor
CVE Published: 3 January 2012

What is CVE-2011-4197?

The PKI implementation in pfSense prior to version 2.0.1 creates X.509 certificates with the CA basic constraint automatically set to true. Because a certificate marked as a CA is trusted to sign other certificates, remote attackers who hold the private key of such a certificate can forge sub-certificates for any subject. This can lead to unauthorized access or impersonation, significantly undermining the security of the network infrastructure.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
