Title: [Java]: CWE 295 - Insecure TrustManager - MiTM · Issue #221 · github/securitylab · GitHub
Open Graph Title: [Java]: CWE 295 - Insecure TrustManager - MiTM · Issue #221 · github/securitylab
X Title: [Java]: CWE 295 - Insecure TrustManager - MiTM · Issue #221 · github/securitylab
Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2020-26234 (The CVE explicitly talks about hostname verification but at the same time it also ha...
Open Graph Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2020-26234 (The CVE explicitly talks about hostname veri...
X Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2020-26234 (The CVE explicitly talks about hostname veri...
Opengraph URL: https://github.com/github/securitylab/issues/221
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Java]: CWE 295 - Insecure TrustManager - MiTM","articleBody":"## CVE ID(s)\r\n\r\n*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*\r\n\r\n- CVE-2020-26234\r\n(The CVE explicitly talks about hostname verification but at the same time it also had a insecure `TrustManager` implementation, see here:\r\n https://github.com/opencast/opencast/blob/640c5017db13b0c1875b2fe52360f873a074291c/modules/kernel/src/main/java/org/opencastproject/kernel/http/impl/HttpClientImpl.java#L119-L153)\r\n- CVE-2020-13955\r\n(The CVE explicitly talks about hostname verification but at the same time it also had a insecure `TrustManager` implementation, see here:\r\n https://github.com/apache/calcite/commit/43eeafcbac29d02c72bd520c003cdfc571de2d15 and https://github.com/apache/calcite/blob/3d13846a13398a1ba6c1fa84a7d0c0cc543f23d4/core/src/main/java/org/apache/calcite/runtime/TrustAllSslSocketFactory.java#L50)\r\n- CVE-2021-21385 (https://github.com/openMF/mifos-mobile/security/advisories/GHSA-9657-33wf-rmvx)\r\n \u003e [mifos-mobile is an] (...) Android Application built on top of the MifosX Self-Service platform for end-user customers to **view/transact** on the accounts and **loans** they hold.\r\n\r\n Note that the fixed code is written in *Kotlin*; the app has recently been converted to a Kotlin app and the issue has been found in the semantically equivalent Java version.\r\n\r\n- CVE-2021-32700 (https://github.com/ballerina-platform/ballerina-lang/security/advisories/GHSA-f5qg-fqrw-v5ww)\r\n \u003e Ballerina is an open source programming language and platform for cloud-era application programmers to easily write software that just works.\r\n\r\n This issue would have allowed a supply-chain-attack/RCE against users of Ballerina via a MitM.\r\n The fix commit is here: https://github.com/ballerina-platform/ballerina-lang/commit/2476dcf95f9c42518702864b226376ac46bd2f8f#diff-bb49a1821c5dd9c8b726befeabc0a090e449952fd6a876106216685c8946258e\r\n\r\n## Report\r\n\r\n*Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.*\r\nA insecure `TrustManager` is an implementation of the `TrustManager` interface, where the `checkServerTrusted` method trusts any certificate because it never throws a `CertificateException`.\r\nAs the `TrustManager` trusts any certificate, an attacker can create a self-signed certificate that will be accepted as any certificate is trusted. This leads to a MiTM attack against the connection thereby stealing sensitive secrets such as login data or other tokens is possible.\r\n\r\n## Query\r\nhttps://github.com/github/codeql/pull/4879\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n","author":{"url":"https://github.com/intrigus-lgtm","@type":"Person","name":"intrigus-lgtm"},"datePublished":"2020-12-24T23:10:24.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":14},"url":"https://github.com/221/securitylab/issues/221"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:5d3e19a8-9377-4f4f-e523-7f8807fecfb4 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | C00E:53D51:144B396:1D019AA:6A4CC485 |
| html-safe-nonce | 66485b31439e8892549fc5bf75dfaefead2206fed8c0db7550e3668763bec0bc |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDMDBFOjUzRDUxOjE0NEIzOTY6MUQwMTlBQTo2QTRDQzQ4NSIsInZpc2l0b3JfaWQiOiIxODE0NzQ4NjgwNzc2NjMxNDI5IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | ee7fdc460fb93da5622c1dc43ab5e9ef5f64be501dcdb854c37231e34f167335 |
| hovercard-subject-tag | issue:774578921 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/221/issue_layout |
| twitter:image | https://opengraph.githubassets.com/1ec0682eeac513ae8f3bccd4ef31d014d4b22c73c6c482856f3dbba13835ce15/github/securitylab/issues/221 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/1ec0682eeac513ae8f3bccd4ef31d014d4b22c73c6c482856f3dbba13835ce15/github/securitylab/issues/221 |
| og:image:alt | CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2020-26234 (The CVE explicitly talks about hostname veri... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | intrigus-lgtm |
| hostname | github.com |
| expected-hostname | github.com |
| None | 3d11bb817438277de2a940854450e83a7d32b6aeb5014e9e6b00a6423900251c |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | d0da0eb92994395299ed4450bf67b0373005be36 |
| ui-target | canary-2 |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width