CVE-2021-34433: Improper Verification of Cryptographic Signature
In Eclipse Californium, the certificate-based (x509 and RPK) DTLS handshakes accidentally succeed on the client side without verifying the server's signature, if that signature is not included in the server's ServerKeyExchange.
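The defect described above, as an added example that is not Californium's own code: a minimal Go model of the client-side check on a DTLS 1.2 ECDHE ServerKeyExchange, with the flawed "verify only if a signature is present" logic next to the hardened form that requires one. The message struct, the function names and the sample parameter bytes are assumptions made for illustration; the signed content follows RFC 5246 (client_random || server_random || ServerECDHParams), and a real stack would take the public key from the server's Certificate message.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServerKeyExchange models the two parts of a DTLS 1.2 ECDHE ServerKeyExchange
// that matter for this bug class (RFC 8422 section 5.4): the ephemeral ECDH
// parameters and the server's signature over them. Signature is nil when the
// message carries no signature block at all. (Assumed layout, for illustration.)
type ServerKeyExchange struct {
	ECDHParams []byte // serialised ServerECDHParams
	Signature  []byte // DER-encoded ECDSA signature, nil if absent
}

// signedContent builds what the server must sign:
// client_random || server_random || ServerECDHParams (RFC 5246 section 7.4.3).
func signedContent(clientRandom, serverRandom, params []byte) []byte {
	buf := make([]byte, 0, len(clientRandom)+len(serverRandom)+len(params))
	buf = append(buf, clientRandom...)
	buf = append(buf, serverRandom...)
	return append(buf, params...)
}

// signSKE is the honest server side: it signs the parameters with the key
// that corresponds to its certificate / raw public key.
func signSKE(priv *ecdsa.PrivateKey, clientRandom, serverRandom, params []byte) (ServerKeyExchange, error) {
	digest := sha256.Sum256(signedContent(clientRandom, serverRandom, params))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return ServerKeyExchange{}, err
	}
	return ServerKeyExchange{ECDHParams: params, Signature: sig}, nil
}

// checkSignature verifies the ECDSA signature over the transcript-bound params.
func checkSignature(pub *ecdsa.PublicKey, clientRandom, serverRandom []byte, ske ServerKeyExchange) error {
	digest := sha256.Sum256(signedContent(clientRandom, serverRandom, ske.ECDHParams))
	if !ecdsa.VerifyASN1(pub, digest[:], ske.Signature) {
		return errors.New("ServerKeyExchange: signature does not verify")
	}
	return nil
}

// verifySKEVulnerable reproduces the flawed client logic the advisory
// describes: the signature is checked only when one is present, so a
// ServerKeyExchange that simply omits it is accepted.
func verifySKEVulnerable(pub *ecdsa.PublicKey, clientRandom, serverRandom []byte, ske ServerKeyExchange) error {
	if ske.Signature == nil {
		return nil // BUG: nothing ties the ephemeral key to the server's identity
	}
	return checkSignature(pub, clientRandom, serverRandom, ske)
}

// verifySKE is the hardened form: with a certificate-based (x509 / RPK)
// cipher suite the signature is mandatory, and it must verify under the
// public key taken from the server's Certificate message.
func verifySKE(pub *ecdsa.PublicKey, clientRandom, serverRandom []byte, ske ServerKeyExchange) error {
	if len(ske.Signature) == 0 {
		return errors.New("ServerKeyExchange: signature missing for certificate-based key exchange")
	}
	return checkSignature(pub, clientRandom, serverRandom, ske)
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	clientRandom, serverRandom := make([]byte, 32), make([]byte, 32)
	rand.Read(clientRandom)
	rand.Read(serverRandom)
	// Constructed placeholder for ServerECDHParams (named_curve, secp256r1,
	// uncompressed-point prefix); the trailing bytes are not a real EC point.
	params := []byte{0x03, 0x00, 0x17, 0x41, 0x04, 0xde, 0xad, 0xbe, 0xef}

	signed, _ := signSKE(priv, clientRandom, serverRandom, params)
	unsigned := ServerKeyExchange{ECDHParams: params} // same params, signature block omitted

	fmt.Println("vulnerable client, signed:  ", verifySKEVulnerable(&priv.PublicKey, clientRandom, serverRandom, signed))
	fmt.Println("vulnerable client, unsigned:", verifySKEVulnerable(&priv.PublicKey, clientRandom, serverRandom, unsigned))
	fmt.Println("fixed client, signed:       ", verifySKE(&priv.PublicKey, clientRandom, serverRandom, signed))
	fmt.Println("fixed client, unsigned:     ", verifySKE(&priv.PublicKey, clientRandom, serverRandom, unsigned))
}
```

Run as-is and the vulnerable check returns nil for both messages, while the hardened check returns an error for the unsigned one. The design point is that presence of the signature must be decided by the negotiated cipher suite, not by whether the peer chose to send one; a client that derives the requirement from the message it receives lets the peer decide whether to be authenticated.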