Improper Certificate Validation Affecting openssl Open this link in a new tab package, versions >=1.0.0

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-COCOAPODS-OPENSSL-470648
published

2 Oct 2019
disclosed

25 Jul 2019
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 25 Jul 2019

CVE-2019-1552 Open this link in a new tab CWE-295 Open this link in a new tab

How to fix?

There is no fixed version for OpenSSL.

Overview

OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.

Affected versions of this package are vulnerable to Improper Certificate Validation. OpenSSL has Insecure Path Defaults. When installed on a Windows machine, the default OPENSSLDIR is C:/usr/local which is world writable. This allows an attacker to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc.

Improper Certificate Validation Affecting openssl Open this link in a new tab package, versions >=1.0.0

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 25 Jul 2019

How to fix?

Overview

References