Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
AnalysisAI
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. Affected products include: Erlang Erlang\/Otp. Version information: before 23.3.4.15.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Erlang Otp
View allErlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. Rat
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inje
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. Rated high severity (CV
An issue was discovered in Erlang/OTP 18.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab
TLS server impersonation in Erlang/OTP's public_key library lets a name-constrained subordinate CA forge a trusted ident
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this
Certificate chain forgery in Erlang/OTP's public_key application (pubkey_cert module) lets a non-CA end-entity certifica
OCSP responder certificate validity bypass in Erlang OTP's public_key library allows forged OCSP responses-signed with t
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today