List:       oss-security
Subject:    [oss-security] CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270
From:       Carlos Eduardo <carlosecg () gmail ! com>
Date:       2019-08-26 12:25:18
Message-ID: CAGrd=aPxL96DK6YLr30=Lw7si00wW=RHBmn7b5uSpHt1dQSBEQ () mail ! gmail ! com


CVE: Missing TLS/SSL certificate validation in pw3270

Affected versions: all versions before 5.1

Description:
pw3270 is a GTK based tn3270 terminal emulator. Versions up to 5.0 are
vulnerable to a TLS/SSL certificate validation flaw, leading to attackers
in a MitM position being able to affect confidentiality, integrity and
availability of traffic between the client and host, including credentials
used. This flaw was fixed in version 5.1.

Mitigation:
Upgrade to version 5.1 and up.

This vulnerability was discovered by Carlos Gonçalves.

---
Carlos Gonçalves
IT Security Analyst
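
The class of flaw described in the advisory, shown as an added example that is not part of the original message and is not pw3270's code: a TLS client context that skips certificate validation next to one that enforces it, plus a check that refuses to connect with the former. The function names, the host name and the port are assumptions made for illustration.

```python
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """Constructed 'before' case: traffic is encrypted, the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including a MitM's, is accepted
    return ctx


def validating_context(cafile=None) -> ssl.SSLContext:
    """'After' case: chain verification and host name matching are both required."""
    # cafile lets a site pin its own CA bundle; None uses the system trust store.
    return ssl.create_default_context(cafile=cafile)


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the validation steps that this client context would skip."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings


def open_host(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 10.0):
    """Open a TLS session to a host, refusing contexts that do not validate the peer."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing to connect: " + "; ".join(findings))
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname drives both SNI and the host name check.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```

A handshake with `validating_context()` fails with `ssl.SSLCertVerificationError` when the presented certificate does not chain to a trusted CA or does not match the host name, which is the failure a MitM certificate should trigger.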

