Cisco Blogs

Vulnerability Spotlight: Randombit Botan Library X509 Certificate Validation Bypass Vulnerability


April 28, 2017

This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos.

Overview

Talos has discovered a vulnerability in the Randombit Botan library. A programming error exists in the way the Botan library implements X500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability. A security advisory was published on the Randombit website to inform users that the vulnerability is now fixed in versions 2.1.0 and 1.10.16.





1 Comment

  1. Good going, Aleksandar Nikolic! Do keep up the good work!