The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-10-03T16:15:32
Updated: 2022-10-03T16:15:32
Reserved: 2022-10-03T00:00:00
Link: CVE-2012-4566
JSON object: View
NVD Information
Status : Modified
Published: 2012-11-20T00:55:01.260
Modified: 2023-11-07T02:11:54.277
Link: CVE-2012-4566
JSON object: View
Redhat Information
No data.
CWE