In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
Max CVSS
7.5
EPSS Score
0.07%
Published
2022-02-24
Updated
2022-03-04
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
Max CVSS
7.5
EPSS Score
0.11%
Published
2019-11-21
Updated
2019-12-04
2 vulnerabilities found