Bug #19033

CVE-2017-2667 - SSL/HTTPS server certificates are not verified by default

Added by Dominic Cleal over 1 year ago. Updated over 1 year ago.

Status:Closed
Priority:Normal
Assignee:Tomáš Strachota
Category:Hammer core
Target version:-
Pull request:https://github.com/theforeman/hammer-cli/pull/235, https://github.com/theforeman/hammer-cli-foreman/pull/293

Description

HTTPS connections initiated by Hammer to the API server do not perform validation of the server SSL/TLS certificate, allowing for a man-in-the-middle attack against the user.

#12400 introduced automatic certificate verification when an SSL CA is explicitly configured, but verification remains off by default for HTTPS connections. The default could instead verify the server certificate against the system CA store.

Reported by Tomas Strachota to .
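
The following Ruby is an added illustration of the fix described above, not code from hammer-cli or its pull requests. It shows, in Net::HTTP terms, the pre-fix default (VERIFY_NONE), the fixed default (VERIFY_PEER against the system CA store) and the explicit-CA path from #12400, plus the trust-store check that VERIFY_PEER performs. The keyword names `verify_ssl` and `ssl_ca_file` are assumed to mirror hammer's settings, and the certificate and hostname are constructed for the example.

```ruby
require 'openssl'
require 'net/http'
require 'uri'

# Build the HTTP client the way the fix does: HTTPS verifies the server
# certificate unless verify_ssl is explicitly set to false (names assumed).
def hammer_http(url, verify_ssl: true, ssl_ca_file: nil)
  uri = URI(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  return http unless http.use_ssl?

  if verify_ssl
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    if ssl_ca_file
      http.ca_file = ssl_ca_file            # explicitly configured CA (the #12400 path)
    else
      store = OpenSSL::X509::Store.new
      store.set_default_paths               # system CA store: the new default
      http.cert_store = store
    end
  else
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE  # pre-fix default: any cert accepted
  end
  http
end

# Constructed self-signed certificate standing in for a Foreman server cert.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The check VERIFY_PEER performs at handshake time: does the chain end in a
# trusted CA? Trust comes from the system store plus any CA certs passed in.
def trusted_by_store?(cert, extra_cas: [])
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  extra_cas.each { |ca| store.add_cert(ca) }
  store.verify(cert)
end
```

An unknown self-signed certificate fails `trusted_by_store?` against the system store alone, which is exactly the man-in-the-middle case the old VERIFY_NONE default let through; adding the server's CA (the `--fetch-ca-cert` style flow referenced in the revisions) makes it pass.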


Related issues

Related to Hammer CLI - Bug #12400: Missing option to enable verification of the server certi... Closed 11/05/2015

Associated revisions

Revision 081a0a40
Added by Tomas Strachota over 1 year ago

Refs #19033 - Instructions for fetching SSL CA cert (#293)

  • Refs #19033 - Instructions for fetching SSL CA cert

Revision 74b926ae
Added by Tomas Strachota over 1 year ago

Fixes #19033 - Enable SSL verification by default (#235)

  • Fixes #19033 - Enable SSL verification by default
  • Refs #19033 - Option for fetching server CA cert

History

#1 Updated by Dominic Cleal over 1 year ago

  • Related to Bug #12400: Missing option to enable verification of the server certificate. added

#2 Updated by Dominic Cleal over 1 year ago

  • Subject changed from SSL/HTTPS server certificates are not verified by default to CVE-2017-2667 - SSL/HTTPS server certificates are not verified by default

#3 Updated by Tomáš Strachota over 1 year ago

  • Status changed from New to Assigned
  • Assignee set to Tomáš Strachota

#4 Updated by The Foreman Bot over 1 year ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/hammer-cli/pull/235 added

#5 Updated by The Foreman Bot over 1 year ago

  • Pull request https://github.com/theforeman/hammer-cli-foreman/pull/293 added

#6 Updated by Anonymous over 1 year ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
