Man-in-the-Middle Vulnerability in GnuTLS Affected by Incorrect CA Certificate Date Verification
CVE-2014-8155
Currently unrated
Summary
The vulnerability in GnuTLS allows attackers to exploit improper validation of CA certificate activation and expiration dates. This oversight enables man-in-the-middle attacks, where an attacker can present a certificate that is either not yet valid or has expired, allowing them to impersonate legitimate servers and potentially intercept sensitive information. Users of GnuTLS prior to version 2.9.10 are particularly at risk and should ensure that they update to a more secure version to protect against these exploits.
References
Timeline
Vulnerability published
Vulnerability Reserved