SSL Authentication Bypass in Libsoup by GNOME
CVE-2012-2132

Currently unrated

Key Information:

Vendor
Gnome
Status
Libsoup
Vendor
CVE Published:
20 August 2012

Summary

Libsoup versions up to 2.32.2 are susceptible to an SSL authentication bypass due to a failure in validating certificates. When the required ssl-ca-file is missing, the library does not clear the trust flag. This oversight enables remote attackers to create an unsuspecting SSL connection, effectively bypassing authentication processes, which could lead to unauthorized access and potential exploitation of sensitive data.

References

http://www.openwall.com/lists/oss-security/2012/04/24/13
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/53232
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2012/04/24/3
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2012-2132 : SSL Authentication Bypass in Libsoup by GNOME | SecurityVulnerability.io