An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 | Exploit Third Party Advisory |
History
12 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. |
30 Jun 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. |
24 May 2023, 15:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openwrt:openwrt:15.05.1:*:*:*:*:*:*:* | cpe:2.3:o:openwrt:openwrt:15.05.1:*:*:*:*:*:*:* cpe:2.3:o:openwrt:openwrt:18.06.4:*:*:*:*:*:*:* |
Information
Published : 2019-11-18 18:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-5102
Mitre link : CVE-2019-5102
CVE.ORG link : CVE-2019-5102
Products Affected
openwrt
- openwrt
CWE
CWE-295
Improper Certificate Validation