MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2011-02-02 01:00
Updated : 2024-02-04 17:54
NVD link : CVE-2011-0738
Mitre link : CVE-2011-0738
CVE.ORG link : CVE-2011-0738
JSON object : View
Products Affected
globus
- globus_toolkit
ncsa
- myproxy
CWE
CWE-20
Improper Input Validation