CyaSSL Server Certificate Spoofing Vulnerability

CyaSSL Server Certificate Spoofing Vulnerability

CVE-2014-2903 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.

Learn more about our Cis Benchmark Audit For Server Software.