Client Certificate Spoofing Vulnerability in mod-gnutls
CVE-2015-2091 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
Learn more about our Web Application Penetration Testing UK.