CVE-2021-44273

Name of the Vulnerable Software and Affected Versions: e2guardian versions 5.4.x through 5.4.3r

Description: The issue is related to missing SSL certificate validation in the SSL MITM engine of e2guardian. Specifically, when e2guardian is used in standalone mode with SSL MITM enabled and is built with OpenSSL version 1.1.x, it fails to validate hostnames in certificates of the web servers it connects to. This makes e2guardian itself vulnerable to MITM attacks.

Recommendations: For e2guardian versions 5.4.x through 5.4.3r, consider disabling the SSL MITM engine until a patch is available to prevent potential MITM attacks. Restrict access to the SSL MITM engine to minimize the risk of exploitation.