[java-sig-commits] [Bug 1308851] New: okhttp: certificate pining bypass

16 Feb 2016


      https://bugzilla.redhat.com/show_bug.cgi?id=1308851
Bug ID: 1308851
           Summary: okhttp: certificate pining bypass
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@redhat.com
          Reporter: anemec@redhat.com
                CC: gerard@ryan.lt,
                    java-sig-commits@lists.fedoraproject.org,
                    mizdebsk@redhat.com
A vulnerability was discovered in OkHttp that allows an attacker to bypass
certificate pinning. OkHttp did not validate that the pinned certificate
was in the chain to a trusted certificate authority.
External reference:
https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability...
CVE request:
http://seclists.org/oss-sec/2016/q1/308
-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[java-sig-commits] [Bug 1308851] New: okhttp: certificate pining bypass