CVE-2021-34433
N/A
N/A
Summary
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Californium | 2.0.0 < unspecified | affected |
| The Eclipse Foundation | Eclipse Californium | unspecified <= 2.6.4 | affected |
| The Eclipse Foundation | Eclipse Californium | 3.0.0-M1 < unspecified | affected |
| The Eclipse Foundation | Eclipse Californium | unspecified <= 3.0.0-M3 | affected |
Weaknesses
- CWE-322: CWE-322: Key Exchange without Entity Authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.