TLS 1.3 Mutual Authentication Bypass Vulnerability in wolfSSL

TLS 1.3 Mutual Authentication Bypass Vulnerability in wolfSSL

CVE-2022-25640 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

Learn more about our Cis Benchmark Audit For Server Software.