by @Smartkeyss
10 Jun 2024

TLS certificate check bypass cURL with mbedTLS - (CVE-2024-2466)

by @Smartkeyss
10 Jun 2024

TLS certificate check bypass cURL with mbedTLS - (CVE-2024-2466)

CVEs

N/A Severity

Screenshots from the blog posts

images/clxahhvwzbwkm1hok7ldsg1u9.pngimages/clxahhvwzbwkm1hok7ldsg1u9.png

PoC video

Summary

libcurl with mbedTLS skips TLS certificate checks for IP address connections, bypassing security for all TLS protocols (HTTPS, FTPS, IMAPS, etc.).

Description

users/photos/clsevlral8gef1hon15grbvup.jpg

@Smartkeyss

26 posts

I am just curious 😊 I use simple words to explain complicated things.

Total vcoins

77.8K

Comments (0)