oss-sec mailing list archives

CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270


From: Carlos Eduardo <carlosecg () gmail com>
Date: Mon, 26 Aug 2019 09:25:18 -0300

CVE: Missing TLS/SSL certificate validation in pw3270

Affected versions: all versions before 5.1

Description:
pw3270 is a GTK-based tn3270 terminal emulator. Versions up to 5.0 are
vulnerable to a TLS/SSL certificate validation flaw, leading to attackers
in a MitM position being able to affect confidentiality, integrity and
availability of traffic between the client and host, including credentials
used. This flaw was fixed in version 5.1.

Mitigation:
Upgrade to version 5.1 and up.

This vulnerability was discovered by Carlos Gonçalves.

---
Carlos Gonçalves
IT Security Analyst
