QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4197

Published: Jan 3, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894

x_refsource_CONFIRM

https://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e

x_refsource_CONFIRM

20111222 [MATTA-2011-001] pfSense x509 Insecure Certificate Creation

mailing-list

x_refsource_BUGTRAQ

https://www.trustmatta.com/advisories/MATTA-2011-001.txt

x_refsource_MISC

pfsense-x509-security-bypass(71969)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.