Bypassing Peer Authentication in ARM mbed TLS

CVE-2017-14032 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
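
The following is an added example, not mbed TLS source code: a simplified C model of how an over-long chain can read as "verified" when authentication is optional, shown beside a hardened verifier. It assumes the behaviour given in the upstream changelog (the verify result read 0 for a chain over the intermediate limit); all names, the limit of 8 and the flag value are hypothetical choices for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not mbed TLS source. */
#define MAX_INTERMEDIATES 8       /* model's chain-length limit */
#define FLAG_NOT_TRUSTED  0x08u   /* constructed flag value */
#define ERR_VERIFY_FAILED (-1)

enum authmode { AUTH_OPTIONAL, AUTH_REQUIRED };
struct chain { size_t intermediates; int trusted_root; };  /* constructed input */
typedef int (*verify_fn)(const struct chain *, uint32_t *);

/* Flawed: the over-long-chain path fails but leaves *flags at 0. */
static int verify_flawed(const struct chain *c, uint32_t *flags) {
    *flags = 0;
    if (c->intermediates > MAX_INTERMEDIATES) return ERR_VERIFY_FAILED;
    if (!c->trusted_root) { *flags |= FLAG_NOT_TRUSTED; return ERR_VERIFY_FAILED; }
    return 0;
}

/* Hardened: every failure path records a reason in *flags. */
static int verify_fixed(const struct chain *c, uint32_t *flags) {
    *flags = 0;
    if (c->intermediates > MAX_INTERMEDIATES || !c->trusted_root) {
        *flags |= FLAG_NOT_TRUSTED;
        return ERR_VERIFY_FAILED;
    }
    return 0;
}

/* Optional mode completes the handshake despite a verify error;
 * required mode aborts. Returns 1 only if the caller would treat the
 * peer as authenticated (handshake done and verify result == 0). */
static int peer_authenticated(enum authmode mode, verify_fn verify,
                              const struct chain *c) {
    uint32_t result = UINT32_MAX;
    int ret = verify(c, &result);
    if (ret != 0 && mode == AUTH_REQUIRED) return 0;
    return result == 0;
}

int main(void) {
    const struct chain longc = { 9, 0 };  /* constructed: too long, untrusted */
    printf("optional+flawed:  %d\n", peer_authenticated(AUTH_OPTIONAL, verify_flawed, &longc));
    printf("optional+fixed:   %d\n", peer_authenticated(AUTH_OPTIONAL, verify_fixed, &longc));
    printf("required+flawed:  %d\n", peer_authenticated(AUTH_REQUIRED, verify_flawed, &longc));
    return 0;
}
```

In the model, only the combination of optional authentication and the flawed verifier accepts the over-long chain; required authentication or a verifier that flags every failure rejects it.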