CVE-2021-34433 Vulnerability Details

CVE-2021-34433 Metadata Quick Info

CVE Published: 20/08/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: eclipse | Vendor: The Eclipse Foundation | Product: Eclipse Californium
Status: PUBLISHED

CVE-2021-34433 Description

In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate-based (x509 and RPK) DTLS handshake accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-322
CWE Name: CWE-322: Key Exchange without Entity Authentication
Source: The Eclipse Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).