Lucene search
Veracode Vulnerability DatabaseVERACODE:33081HistoryNov 24, 2021 - 5:38 a.m.
Insecure Certificate Validation
2021-11-2405:38:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
insecure certificate validation
aws-iot-device-sdk-js-v2
compromise of certificate authorities
trust stores
linux/unix
spoofing dns records
ca pinning
EPSS
0.001
Percentile
44.4%
aws/aws-iot-device-sdk-js-v2 is vulnerable to Insecure Certificate Validation. Attackers are able to compromise certificate authorities in their trust stores on Linux/Unix, by spoofing DNS records to bypass CA pinning.
References
github.com/aws/aws-iot-device-sdk-cpp-v2
github.com/aws/aws-iot-device-sdk-java-v2
github.com/aws/aws-iot-device-sdk-js-v2
github.com/aws/aws-iot-device-sdk-js-v2/commit/22f1989f5bdb0bdd9c912a5a2d255ee6c0854f68
github.com/aws/aws-iot-device-sdk-js-v2/pull/185
github.com/aws/aws-iot-device-sdk-python-v2
github.com/awslabs/aws-c-io/
Related
github
github
Improper certificate management in AWS IoT Device SDK v2
2021-11-24 21:12:04
prion
prion
Design/Logic Flaw
2021-11-23 00:15:00
osv
osv
PYSEC-2021-863
2021-11-23 00:15:00
CVE-2021-40830
2021-11-23 00:15:07
Improper certificate management in AWS IoT Device SDK v2
2021-11-24 21:12:04
ubuntucve
ubuntucve
CVE-2021-40830
2021-11-23 00:00:00
gitlab
gitlab
Improper Certificate Validation
2021-11-23 00:00:00
cvelist
cvelist
cve
cve
CVE-2021-40830
2021-11-23 00:15:07
nvd
nvd
CVE-2021-40830
2021-11-23 00:15:07