mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-19 09:55:13 +01:00
2d9a2632a7
Documents the new `keywords` attribute and adds keywords to all current advisories. These can be consumed by the web UI.
22 lines
869 B
TOML
22 lines
869 B
TOML
[advisory]
|
|
id = "RUSTSEC-2016-0001"
|
|
package = "openssl"
|
|
patched_versions = [">= 0.9.0"]
|
|
date = "2016-11-05"
|
|
keywords = ["ssl", "mitm"]
|
|
url = "https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0"
|
|
title = "SSL/TLS MitM vulnerability due to insecure defaults"
|
|
description = """
|
|
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults
|
|
including off-by-default certificate verification and no API to perform hostname
|
|
verification.
|
|
|
|
Unless configured correctly by a developer, these defaults could allow an attacker
|
|
to perform man-in-the-middle attacks.
|
|
|
|
The problem was addressed in newer versions by enabling certificate verification
|
|
by default and exposing APIs to perform hostname verification. Use the
|
|
`SslConnector` and `SslAcceptor` types to take advantage of these new features
|
|
(as opposed to the lower-level `SslContext` type).
|
|
"""
|