TLS Certificate Verification Bypass in WebKitGTK+ WebSocket Connections

TLS Certificate Verification Bypass in WebKitGTK+ WebSocket Connections

CVE-2018-11712 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

Learn more about our Network Penetration Testing.