PT-2019-6839 · Haskell · Haskell-Tls-Extra

Published: 2019-12-05 · Updated: 2025-11-14 · CVE-2013-0243

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

haskell-tls-extra versions prior to 0.6.1

Description

Certificate validation does not properly check the Basic Constraints attribute. As a result, any certificate is treated as a CA certificate, so an attacker can sign another certificate with an arbitrary subject DN or domain name, and that certificate would be accepted. This flaw can lead to Man in the Middle (MITM) attacks on TLS connections.

Recommendations

For haskell-tls-extra versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue.
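
The missing check from the description, as an added example (not code from haskell-tls-extra or from this advisory): a simplified Python model of chain validation with the Basic Constraints check switchable. The `Cert` class, `validate_chain` and all sample names are constructed for illustration, signatures are not modeled, and the path-length check goes one step beyond the case described above while staying within the same extension.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Simplified X.509 certificate model (constructed for this example)."""
    subject: str
    issuer: str
    is_ca: bool = False              # Basic Constraints cA flag; False if absent
    path_len: Optional[int] = None   # pathLenConstraint; None means no limit

def validate_chain(chain, trusted_roots, check_basic_constraints=True):
    """Validate a leaf-first chain; returns (ok, reason).

    Assumption: signatures are not modeled; a certificate counts as signed by
    the next one when its issuer name equals that certificate's subject.
    """
    if not chain or chain[-1] not in trusted_roots:
        return False, "chain does not end at a trusted root"
    for cert, signer in zip(chain, chain[1:]):
        if cert.issuer != signer.subject:
            return False, f"{cert.subject}: not issued by {signer.subject}"
    if check_basic_constraints:
        for depth, signer in enumerate(chain[1:]):
            # depth = number of certificates between this signer and the leaf
            if not signer.is_ca:
                return False, f"{signer.subject}: not a CA certificate"
            if signer.path_len is not None and depth > signer.path_len:
                return False, f"{signer.subject}: path length exceeded"
    return True, "ok"

# Constructed sample certificates.
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
ISSUING = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
SITE_A = Cert("site-a.example", "Example Issuing CA")   # ordinary end-entity cert
SITE_B = Cert("site-b.example", "site-a.example")       # signed with SITE_A's key
GOOD_CHAIN = [SITE_A, ISSUING, ROOT]
BAD_CHAIN = [SITE_B, SITE_A, ISSUING, ROOT]

if __name__ == "__main__":
    print(validate_chain(GOOD_CHAIN, {ROOT}))
    print(validate_chain(BAD_CHAIN, {ROOT}, check_basic_constraints=False))
    print(validate_chain(BAD_CHAIN, {ROOT}))
```

With the check disabled, the chain through the end-entity certificate validates, which is the behaviour the description attributes to versions prior to 0.6.1; with it enabled, the same chain is rejected at `site-a.example`.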

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-0243
HSEC-2023-0005

Affected Products

Haskell-Tls-Extra