PT-2016-6629 · Intel · Intel Crosswalk

Yakov Shafranovich · Published 2016-08-01 · Updated 2018-10-09 · CVE-2016-5672

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Intel Crosswalk versions prior to 19.49.514.5
Intel Crosswalk versions 20.x prior to 20.50.533.11
Intel Crosswalk versions 21.x prior to 21.51.546.0
Intel Crosswalk versions 22.x prior to 22.51.549.0

Description

The issue allows man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. This occurs because the software interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting.

Recommendations

For Intel Crosswalk versions prior to 19.49.514.5, update to version 19.49.514.5 or later.
For Intel Crosswalk versions 20.x prior to 20.50.533.11, update to version 20.50.533.11 or later.
For Intel Crosswalk versions 21.x prior to 21.51.546.0, update to version 21.51.546.0 or later.
For Intel Crosswalk versions 22.x prior to 22.51.549.0, update to version 22.51.549.0 or later.
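
The logic flaw in the Description, as an added simplified model (not Crosswalk's code and not its actual patch): a certificate-override store that remembers one acceptance globally, beside one that binds the acceptance to a single host and exact certificate. All class, function and host names and the certificate byte strings are hypothetical and constructed for illustration.

```python
import hashlib

class GlobalOverrideStore:
    """Flawed model: one acceptance silences prompts for every invalid certificate."""
    def __init__(self):
        self.accepted_any = False
    def remember(self, host, cert_der):
        self.accepted_any = True          # host and certificate are discarded
    def is_allowed(self, host, cert_der):
        return self.accepted_any

class ScopedOverrideStore:
    """Hardened model: acceptance covers only this host with this exact certificate."""
    def __init__(self):
        self._allowed = set()
    @staticmethod
    def _key(host, cert_der):
        return (host.lower(), hashlib.sha256(cert_der).hexdigest())
    def remember(self, host, cert_der):
        self._allowed.add(self._key(host, cert_der))
    def is_allowed(self, host, cert_der):
        return self._key(host, cert_der) in self._allowed

def handle_invalid_cert(store, host, cert_der, user_accepts):
    """Decide what happens when validation of cert_der for host has already failed."""
    if store.is_allowed(host, cert_der):
        return "proceed-silently"
    if user_accepts(host):
        store.remember(host, cert_der)
        return "proceed-after-prompt"
    return "blocked"

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SELF_SIGNED_DEV = b"constructed: self-signed cert for dev.example.test"
FORGED_CERT = b"constructed: untrusted cert presented by an on-path host"

def replay(store):
    """The user accepts one dev certificate, then would decline any later prompt."""
    accept, decline = (lambda host: True), (lambda host: False)
    return [
        handle_invalid_cert(store, "dev.example.test", SELF_SIGNED_DEV, accept),
        handle_invalid_cert(store, "bank.example.test", FORGED_CERT, decline),
        handle_invalid_cert(store, "dev.example.test", FORGED_CERT, decline),
        handle_invalid_cert(store, "dev.example.test", SELF_SIGNED_DEV, decline),
    ]

if __name__ == "__main__":
    print("global:", replay(GlobalOverrideStore()))
    print("scoped:", replay(ScopedOverrideStore()))
```

With the global store, the second and third connections proceed without any prompt; with the scoped store, only the originally accepted host and certificate pair is remembered.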

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2016-5672

Affected Products

Intel Crosswalk