Man-in-the-Middle Vulnerability in GnuTLS Affected by Incorrect CA Certificate Date Verification
CVE-2014-8155

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls
Vendor: CVE Published:; 14 August 2015

Summary

The vulnerability in GnuTLS allows attackers to exploit improper validation of CA certificate activation and expiration dates. This oversight enables man-in-the-middle attacks, where an attacker can present a certificate that is either not yet valid or has expired, allowing them to impersonate legitimate servers and potentially intercept sensitive information. Users of GnuTLS prior to version 2.9.10 are particularly at risk and should ensure that they update to a more secure version to protect against these exploits.

References

http://www.securityfocus.com/bid/73317

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2015-1457.html

vendor-advisoryx_refsource_REDHAT

https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a49...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 14, 2015
Vulnerability Reserved
Oct 10, 2014