PT-2020-8890 · Caddy · Caddy

Sam James · Published 2020-06-15 · Updated 2022-10-06 · CVE-2018-21246

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 0.10.13
Description: The issue stems from the mishandling of TLS client authentication. Because the StrictHostMatching mode is absent, an attacker can bypass TLS client authentication: during the TLS handshake the attacker may present an SNI that differs from the name in the HTTP Host header, so the request is routed to a site other than the one whose TLS policy (including its client-certificate requirement) was selected during the handshake, which can lead to an authentication bypass.
Recommendations: For versions prior to 0.10.13, update to version 0.10.13 or later to resolve the issue. As a temporary workaround, consider enabling the StrictHostMatching mode to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2018-21246
GHSA-GR7W-X2JP-3XGW
GO-2020-0043

Affected Products

Caddy