Title: [Java] CWE-295 - Incorrect Hostname Verification - MitM · Issue #109 · github/securitylab · GitHub
Open Graph Title: [Java] CWE-295 - Incorrect Hostname Verification - MitM · Issue #109 · github/securitylab
X Title: [Java] CWE-295 - Incorrect Hostname Verification - MitM · Issue #109 · github/securitylab
Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVEs pending Report Hostname verification is an essential part of Transport Layer Security (TLS) and...
Open Graph Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVEs pending Report Hostname verification is an essential pa...
X Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVEs pending Report Hostname verification is an essential pa...
Opengraph URL: https://github.com/github/securitylab/issues/109
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Java] CWE-295 - Incorrect Hostname Verification - MitM","articleBody":"## CVE ID(s)\r\n\r\n*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*\r\n\r\n- CVEs pending\r\n\r\n## Report\r\n\r\nHostname verification is an essential part of Transport Layer Security (TLS) and HTTPS.\r\n\r\nWhen a TLS connection is established there are two important steps:\r\nFirst, the chain of trust is verified that means it is checked whether the certificate has been issued by a trusted certificate authority.\r\nSecond, the hostname (that is being connected to) needs to be verified against the certificate.\r\nThat means it is checked whether the certificate is actually for the hostname.\r\n\r\nIf the hostname is not verified an attacker could present any certificate with a valid chain of trust, but that is not issued for the hostname at all.\r\n**This allows a man-in-the-middle attack!**\r\n\r\nMany posts tell developers that have problems with hostname verification to accept any certificate as valid in the case of a mismatch.\r\nThese problems usually are configuration problems that should be fixed instead.\r\n\r\nJava verifies HTTPS hostnames by default.\r\nBut when a protocol uses TLS (SSLEngine) the hostname is not verified by default.\r\nThat's where the second part of my query (IncorrectHostnameVerifier.ql) comes into play.\r\n\r\n[This PR and PR description is WIP]\r\n\r\n87 of 642 projects tested have *overridden* the `Hostname.verify` method. \r\nQuery: https://github.com/github/codeql/pull/3581\r\n27 of 642 projects are detected by my currently running query.\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n","author":{"url":"https://github.com/intrigus-lgtm","@type":"Person","name":"intrigus-lgtm"},"datePublished":"2020-05-27T21:15:54.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":4},"url":"https://github.com/109/securitylab/issues/109"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:b8c12f96-fb07-ca59-392e-900f6362ba4a |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 9A18:1EEB:11ADCC9:19E6A19:6A4CF7B4 |
| html-safe-nonce | 10e6e822cd7d9d99c9859dc45e04b96d05d8decdca80d67e63708b6912641d94 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5QTE4OjFFRUI6MTFBRENDOToxOUU2QTE5OjZBNENGN0I0IiwidmlzaXRvcl9pZCI6IjIxMDU2NzM5OTQyODc3NzM2MjAiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 476c81467e7fa0201744505c7b9f48611a747ea1e4efd514508df6bd95934b5e |
| hovercard-subject-tag | issue:626036609 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/109/issue_layout |
| twitter:image | https://opengraph.githubassets.com/69599208214579e48ea20dfee314bf94163bb58bc0617601682cca6b764c9bd9/github/securitylab/issues/109 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/69599208214579e48ea20dfee314bf94163bb58bc0617601682cca6b764c9bd9/github/securitylab/issues/109 |
| og:image:alt | CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVEs pending Report Hostname verification is an essential pa... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | intrigus-lgtm |
| hostname | github.com |
| expected-hostname | github.com |
| None | 31e4db13a9e20081f2fac78f441659a6576e582bbb15e153f9c7fb6473aa29f5 |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 8307e9ba117a26e92a64fb1daf085d795a6552ed |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width