Cisco Blogs

Vulnerability Spotlight: Randombit Botan Library X509 Certificate Validation Bypass Vulnerability

April 28, 2017

This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos.


Talos has discovered a vulnerability in the Randombit Botan library. A programming error exists in the way the Botan library implements X.500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability. A security advisory was published on the Randombit website to inform users that the vulnerability is now fixed in versions 2.1.0 and 1.10.16.




  1. Good going Aleksandar Nikolic! Do keep up the good work!