Insecure Client Authentication in Docker Moby

Insecure Client Authentication in Docker Moby

CVE-2018-12608 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.

Learn more about our Cis Benchmark Audit For Docker.