QwikSec

Security Database

CVE

CWE

Training

CVE-2021-44273

Published: Dec 23, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/e2guardian/e2guardian/issues/707

https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2

[oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames

mailing-list

[debian-lts-announce] 20230912 [SECURITY] [DLA 3564-1] e2guardian security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.