In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-08-06T22:45:14
Updated: 2021-01-04T02:06:10
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15136
JSON object: View
NVD Information
Status : Modified
Published: 2020-08-06T23:15:11.577
Modified: 2023-11-07T03:17:25.903
Link: CVE-2020-15136
JSON object: View
Redhat Information
No data.