CVE-2010-4334

Name of the Vulnerable Software and Affected Versions IO::Socket::SSL module version 1.35

Description The issue allows remote attackers to bypass intended certificate restrictions due to the module failing open to VERIFY NONE instead of throwing an error when a ca file/ca path cannot be verified. This occurs when verify mode is not VERIFY NONE.

Recommendations For IO::Socket::SSL module version 1.35, consider updating the verify mode settings to ensure proper error handling when ca file/ca path verification fails, or apply a patch if available, to prevent the module from failing open to VERIFY NONE.