https://bugzilla.redhat.com/show_bug.cgi?id=1308851
Bug ID: 1308851
Summary: okhttp: certificate pinning bypass
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: gerard@ryan.lt, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com
A vulnerability was discovered in OkHttp that allows an attacker to bypass certificate pinning. OkHttp did not validate that the pinned certificate was in the chain to a trusted certificate authority.
External reference:
https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability...
CVE request:
http://seclists.org/oss-sec/2016/q1/308
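
The check described in the report, as an added example that is not OkHttp's code or part of the original bug: a simplified model contrasting a pin match over every certificate the peer sent with a pin match restricted to the path that validates to a trust anchor. The `Cert` type, the function names and all sample certificates and pins are constructed for illustration, and signature verification is assumed to be done by the TLS stack.

```python
from typing import List, NamedTuple, Optional, Set

class Cert(NamedTuple):
    """Assumption: a certificate reduced to the fields the pin check needs."""
    subject: str
    issuer: str
    spki_pin: str  # stands in for a hash of the certificate's public key

def validated_path(peer_certs: List[Cert], anchors: List[Cert]) -> Optional[List[Cert]]:
    """Follow issuer links from the leaf (first cert) to a trust anchor.
    Returns only the certificates on that path, or None if no anchor is reached."""
    extras = {c.subject: c for c in peer_certs[1:]}
    trusted = {a.subject: a for a in anchors}
    path, seen, current = [], set(), peer_certs[0]
    while current is not None and current.subject not in seen:
        seen.add(current.subject)
        path.append(current)
        if current.issuer in trusted:
            return path + [trusted[current.issuer]]
        current = extras.get(current.issuer)
    return None  # broken chain or issuer loop

def pin_check_unvalidated(peer_certs: List[Cert], pins: Set[str]) -> bool:
    """Flawed pattern: a pin match on any certificate the peer sent is accepted."""
    return any(c.spki_pin in pins for c in peer_certs)

def pin_check_validated(peer_certs: List[Cert], anchors: List[Cert], pins: Set[str]) -> bool:
    """Corrected pattern: pins are matched only against the validated path."""
    path = validated_path(peer_certs, anchors)
    return path is not None and any(c.spki_pin in pins for c in path)

# Constructed sample data: the application pins Intermediate A.
ROOT_A = Cert("Root A", "Root A", "pin-root-a")
ROOT_B = Cert("Root B", "Root B", "pin-root-b")
ANCHORS = [ROOT_A, ROOT_B]
PINS = {"pin-int-a"}
INT_A = Cert("Intermediate A", "Root A", "pin-int-a")
INT_B = Cert("Intermediate B", "Root B", "pin-int-b")
GOOD = [Cert("api.example.test", "Intermediate A", "pin-leaf-1"), INT_A]
# Validates via Root B; Intermediate A is in the peer's list but not on the path.
STRAY = [Cert("api.example.test", "Intermediate B", "pin-leaf-2"), INT_B, INT_A]

if __name__ == "__main__":
    for name, chain in (("GOOD", GOOD), ("STRAY", STRAY)):
        print(name, pin_check_unvalidated(chain, PINS),
              pin_check_validated(chain, ANCHORS, PINS))
```

A regression test for a pinning implementation can use the same shape: a chain that is trusted but whose only pinned certificate sits outside the validated path must be rejected.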