Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20230

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-23 Feb, 2021 | 16:34
Updated At-03 Aug, 2024 | 17:30
Rejected At-
Credits

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:23 Feb, 2021 | 16:34
Updated At:03 Aug, 2024 | 17:30
Rejected At:
▼CVE Numbering Authority (CNA)

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.

Affected Products
Vendor
n/a
Product
stunnel
Versions
Affected
  • stunnel 5.57
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295
Type: CWE
CWE ID: CWE-295
Description: CWE-295
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=1925226
x_refsource_MISC
https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
x_refsource_MISC
https://security.gentoo.org/glsa/202105-02
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1925226
Resource:
x_refsource_MISC
Hyperlink: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/202105-02
Resource:
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=1925226
x_refsource_MISC
x_transferred
https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/202105-02
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1925226
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202105-02
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:23 Feb, 2021 | 17:15
Updated At:01 Jun, 2022 | 18:05

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
stunnel
stunnel
>>stunnel>>Versions before 5.57(exclusive)
cpe:2.3:a:stunnel:stunnel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-295Primarysecalert@redhat.com
CWE ID: CWE-295
Type: Primary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.redhat.com/show_bug.cgi?id=1925226secalert@redhat.com
Issue Tracking
Third Party Advisory
https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9secalert@redhat.com
Patch
Third Party Advisory
https://security.gentoo.org/glsa/202105-02secalert@redhat.com
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1925226
Source: secalert@redhat.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/202105-02
Source: secalert@redhat.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

60Records found
CVE-2023-31421
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 26.17%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 03:10
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.

Action-Not Available
Vendor-Elasticsearch BV
Product-elastic_fleet_serverapm_serverelastic_beatselastic_agentElastic AgentBeatsAPM ServerFleet Server
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-30222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.11%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.

Action-Not Available
Vendor-4dn/a
Product-servern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-12765
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 13:00
Updated-19 Nov, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.

pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

Action-Not Available
Vendor-pgadminpgadmin.org
Product-pgadmin_4pgAdmin 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2009-4123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.62%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 00:00
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

Action-Not Available
Vendor-jrubyn/a
Product-jruby-openssln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-10381
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.22%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

Action-Not Available
Vendor-Jenkins
Product-codefresh_integrationJenkins Codefresh Integration Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2009-0265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.74%
||
7 Day CHG~0.00%
Published-26 Jan, 2009 | 15:05
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.
Product-bindn/a
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-252
Unchecked Return Value
CVE-2023-4499
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.67%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 16:24
Updated-17 Sep, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.

Action-Not Available
Vendor-HP Inc.
Product-mt32thinupdatet430elite_mt645mt43t628mt45mt44t630t638mt31t740t730t640mt21t540mt22t530mt46pro_mt440_g3HP ThinUpdatethinupdate
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-42532
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.72%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-04 Sep, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-40104
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.98%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 22:31
Updated-16 Dec, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-20894
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 73.38%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 15:30
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.

Action-Not Available
Vendor-traefikn/a
Product-traefikn/a
CWE ID-CWE-295
Improper Certificate Validation
  • Previous
  • 1
  • 2
  • Next
Details not found