Insecure TLS Certificate Chain Verification in OWASP ZAP (w2022-03-21)

Insecure TLS Certificate Chain Verification in OWASP ZAP (w2022-03-21)

CVE-2022-27820 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.

Learn more about our Cis Benchmark Audit For Server Software.