PT-2024-16338 · Unknown · Boundary Enterprise

Published: 2024-02-05 · Updated: 2024-06-28 · CVE-2024-1052

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Boundary and Boundary Enterprise (affected versions not specified)

Description: The issue allows session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2024-1052
GHSA-VH73-Q3RW-QX7W
GO-2024-2532

Affected Products

Boundary
Boundary Enterprise